Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Why's it so hard to say yes? - Internet Security | DShield SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Why's it so hard to say yes?
Quoting ZDNet: The average security team has a reputation of saying "no" to everything. This could come down to two things - training and leadership.
The best way to manage perception on this issue is to allow the business to understand the risk of saying 'yes'. If they accept the risks because the business can afford the consequences, then often a "yes" is applicable with some conditions or at a minimum a declaration that risks are acknowledged and accepted. Kevin Shortt

81 Posts
ISC Handler
A good friend once told me that as an industry, we need to change our NO to a KNOW. By knowing the desires of our business areas, we can stop being perceived as the "no police" if our first response to a new idea is anything but a NO. The very worst thing that could happen is that the business areas stop inviting us into their conversations.


77 Posts
ISC Handler
thank you Nokta

3 Posts

Sign Up for Free or Log In to start participating in the conversation!