Have you been asked to provide updates on IT security for executives? That’s a tough challenge for many IT security professionals and managers. You’re comfortable diving into the details — looking at threats, testing systems, and more. Boiling down everything you have to say for an executive audience requires a new perspective.
You need to pick and choose the right details so you get the support you need to protect the organization. We have good news for you. There’s no need to start from scratch. Instead, use this step by step process to develop your first executive briefing on IT security.
1) Start With Why You Are Presenting an Executive Update
Before you start compiling data, consider the why question. The CEO may have dozens of departments sharing updates with the board. IT security is just one more topic they need to know. Here are some of the reasons why you need to deliver short, focused IT security for executive presentations regularly.
● Increase Engagement With IT Security
Your IT security is only as strong as your weakest link. For instance, what happens if 5% of your employees fall victim to phishing emails? That exposes the organization to increased risk. By presenting to executives, you can ask them to encourage all staff to participate in your next IT security training session fully. Executive reinforcement for IT security training helps to spread the message that every employee has a role to play in protecting the organization.
● Get More Funding
To improve IT security, a certain level of resources, skill sets, and software are required. To gain approval for purchases, your executives need to know your needs and that you are managing your department effectively. By presenting IT security executive updates regularly, you will be seen as more credible.
● Make Your Executives Look Good
IT security incidents are stressful for everybody, especially non-security executives. If you regularly present IT security for executives briefings, everyone will feel more confident. For example, your CEO can tell the media that you have an emergency response team in place and that the issue will be investigated.
● Increase Internal Cooperation
When your company launches a new product, partnership or app, IT security needs to be part of the project. However, security specialists sometimes suffer from an “out of sight, out of mind” challenge. To stay top of mind with your leadership, make it a priority to present regularly.
2) Identify Your Audience’s Goals And Knowledge Level
As you design your IT security for executives updates, calibrate your update to executive goals and knowledge levels. For example, the VP of sales wants to look credible in front of customers. Therefore, share updates about how you are increasing security protections for customer data. By contrast, the CFO wants to know that financial data is protected from disruption.
There’s no reason to guess about an executive’s goals. You can ask your executives about their goals and how you can contribute to them. If you do not have direct access to ask such questions, take an indirect approach. Review documents from town hall sessions, annual planning documents, and similar sources.
3) Build Your First Executive Report
When you first develop an IT security for executives report, assume you will have limited time to present. For example, you may only get sixty minutes once a year or once a quarter. In one hour, you can usually cover four or five areas in reasonable depth while still allowing time for questions.
As a starting point, provide updates on the following themes. First, cover key IT security metrics and performance goals. Second, provide updates on IT security threats inside and outside the organization. Third, provide an update on IT security projects currently underway. Fourth, offer a “lesson from the news” where you cover an IT security incident reported in the news. Sharing real-world updates is a great way to highlight what happens when IT security fails. Finally, reserve time for questions or introduce new initiatives you are developing. For inspiration on sharing IT security insights from the news, check out our article: What You Can Learn From Password Failures In The News.
4) Ask For Feedback
Depending on your executives, you may or may not get much feedback on your presentation. If you receive minimal questions and comments, it is up to you to get answers. Pose the following questions to your executives:
What IT security information in the presentation was unclear or confusing?
What IT security topics would you like to hear more about?
Were there any IT security terms or concepts that I could explain more effectively?
Executives may not feel comfortable admitting that they do not understand a given topic in a group setting. That’s why it is helpful to reach out to each executive to ask for feedback individually. Use this feedback to develop more executive friendly reports in the future.
Tip: Track IT security maintenance metrics internally so you can identify problems early. By reporting potential problems early (i.e. lack of user access reviews), you will come across as professional and prepared.
5) Take Note of Executive IT Security Questions and Follow Up
In an ideal world, you will be able to answer all IT security questions your executives ask you. However, that may not be possible. In those cases, bring an aide to the meeting with you. Ask them to take note of each question and comment that comes up.
After the meeting, get answers and follow up with each executive with a full response. This follow-up process after providing an IT security update will demonstrate your dedication and commitment to the organization.
How to Answer the “How Do We Protect The Organization’s Data Better?” QuestionSome executives like to ask open-ended questions to their staff. For example, you might be asked what other resources you need. Those questions represent easy wins for IT security if you are appropriately prepared. We suggest having a shortlist of options available such as a password management software solution or an IT security chatbot.