Читать книгу CISSP For Dummies - Peter H. Gregory - Страница 43

As a certified security professional, you’re an agent of change in your organization: The state of threats and regulations is ever-changing, and you must respond by ensuring that your employer’s environment and policies continue to defend your employer’s assets against harm. Here are some of the essential principles for being a successful change agent:

 Identify and promote only essential changes.

 Promote only those changes that have a chance to succeed.

 Anticipate sources of resistance.

 Distinguish resistance from well-founded criticism.

 Involve all affected parties the right way.

 Don’t promise what you can’t deliver.

 Use sponsors, partners, and collaborators as co-agents of change.

 Change metrics and rewards to support the changing world.

 Provide training.

 Celebrate all successes.

Your job as a security professional doesn’t involve preaching; instead, you need to recognize opportunities for improvement and reduced risks to the business. Work within your organization’s structure to bring about change in the right way. That’s the best way to reduce security risks.