Listen, Trust and Verify

One of the many benefits of working as a cybersecurity specialist is the diversity of people that you can engage with. This is so important if you want an effective security program that sits alongside the business to ensure that business objectives are met in a secure manner. So, the reality is that there needs to be a strong foundation of trust between the various stakeholders so that collaboration can flourish. Trust is built when there is transparency and when expectations are clearly defined. A necessary tool in business is the audit process, in cybersecurity even more so in these pressing times. Sadly, there is often resistance to the audit process and just like a visit to the dentist the apprehension and fear often obscure and even completely hide the benefits. So, my question is what do we believe in? Is prevention better than the cure or would we rather pull teeth than save them? If you like having teeth pulled with no anesthetic please stop reading, this article is not for you. If on the other hand, you like to avoid pain and inconvenience please read on. Everyone knows how audits work, but often forget that some pre-audit ground rules can really smooth the process. Specifically, we are talking about managing expectations. So, in the context of audits, it is most important to LISTEN, TRUST and VERIFY.

 "When you speak, you only repeat what you already know, but when you listen, you can learn something new." Dalai Lama

The clarity and transparency that are so vital to building trust must be established early in the process. Here is what experience and Professor Google have taught me:

- Be clear about communicating the audit benefits, e.g. "This audit will show what a good job department x is doing and with your cooperation will make you even better!"