Skip to main content

Featured

Enhancing Cybersecurity Authentication in Government

The United States is continuously under relentless attack by state and non-state actors in cyberspace. Many believe the U.S. is losing the Cyber War with the staggering number of breaches year after year escalating to new heights.

For example, in 2015 Chinese hackers gained administrator privileges, enabling them to acquire full access to the computers of the U.S. Office of Personnel Management (OPM). Among other things, they were able to download confidential forms that list continuous contacts, including those overseas giving the Chinese communist government a new tool to identify and suppress dissenters. What is worse, federal authorities disclosed in a separate attack that gave Beijing full access to the confidential background-check information on federal employees and private contractors who apply for security clearances. That includes the 4.5 million Americans who currently have access to the country’s top secrets exposing them to blackmail.

Limiting the Damage
Hypothetical ri…

Don’t Let Organizational Politics Derail Security Initiatives


Information security is vastly complex, both technically and from a governance, risk and compliance (GRC) perspective. When workplace politics come into play, security best practices become more complicated and risk management is weakened significantly.

Security professionals commonly meet resistance when they attempt to implement IT initiatives that do not align with the organization’s political culture. Such an environment makes it extremely difficult to manage these initiatives. Security teams must recognize the obstacles they face and work to gain buy-in from key stakeholders.

The Problem With Organizational Politics

Denial can impede IT efforts — especially when C-suite executives are insulated from the realities of the security landscape. In many cases, when executives say that security is not in the budget, they simply mean that it is not on their radar and, therefore, doesn’t matter.

Other obstacles include hidden agendas and power struggles that prevent employees from sharing information with others. For example, some employees might withhold information as a tactic to ensure job security, while another staffer might use it as an organizational currency to buy influence. Chief information security officers (CISOs) may encounter this behavior during red on blue exercises when red team members refuse to divulge vulnerability test results to the security operations center (SOC) team, or at the very least aren’t totally forthcoming about their exploits.

Pushing the Right Buttons

No department is immune to the effects of organizational politics. Security professionals must thoroughly understand the political landscape and devise more effective ways to communicate risks to C-level executives. This communication must occur in business terms with a focus on the end business goals.

To successfully navigate organizational politics, IT professionals must gain their colleagues’ trust, which takes time. Start by forming personal connections with fellow employees or subordinates. People have their own individual interests and concerns, and leveraging them can go a long way toward building positive rapport.

The bottom line is that if IT professionals have the organization’s best interest in mind, executives and other stakeholders are less likely to question their motives. This trust enables them to foster alliances and more effectively advocate for security. The CISO can take it a step further by acting as a mediator to help employees in other departments find common ground when disagreements arise.
Organizational politics require security professionals to be adaptable. As executives and employees come and go, the political landscape shifts accordingly. The key is to understand what you’re up against and use your experience to keep security top of mind throughout the enterprise.

Comments