Security teams should be lighthouses

Communication is essential. For a security team to accomplish its mission, other teams must understand unambiguously what the security team wants and expects, and take that into account at the different moments of truth.

The communication should be as simple and plain as possible. Like the light of a lighthouse. The message is crystal clear: here is the coast. Simple, to the point, and with all the relevant information included.

We must not assume that our internal customer knows the terminology. We should avoid technical or uncommon terms. Don’t assume either that they understand the rationale behind your message. Use non-IT examples and parables to help them understand.

The number of messages should be reduced to the minimum. Try to transmit only one message each time. When we try to transmit more than one message, the listeners get confused: they are unable to identify which message is the most important, and they are unable to remember it when necessary.

The key message should be repeated as frequently as necessary. Repeat, repeat, and repeat until you have verified that the recipients of the message have assimilated and internalized it. Security areas usually transmit a message and then just expect other teams to comply with it “because it is their responsibility”. That’s not how human beings work. The lighthouse doesn’t rest, doesn’t assume anything, and doesn’t think that it might be insulting the recipients by repeating its message.

Is your security team transmitting a simple, single, unambiguous message and repeating it continuously so that other teams assimilate it?

