How can CISOs promote interdepartmental cooperation?

CISOs should take on the responsibility of encouraging interdepartmental cooperation between the security team and IT operations. Here are five ways to accomplish this lofty task.

As a CISO, I recognize the need to develop better communication between the security team and the IT operations team to better secure my organization. However, we've had some cultural issues that prevented smooth communication in the past. What steps can I take as a security leader to facilitate better communication and teamwork between these two groups?

The nature of human behavior can often drive people to focus on their own work so much that it creates silos in the business environment. And the relationship between the CISO and IT operations is no exception. Silos have always existed between line and staff functions. A line function directly advances an organization in its core work, such as production, sales and sometimes marketing. A staff function supports the organization with specialized advisory and support functions. Examples include human resources, accounting, public relations, IT, legal and information security.

The larger the enterprise, the more harmful silos can be for its overall success. Silos create an environment where sharing and collaborative communication are virtually impossible. Given the existing climate of cyber threats, these two teams need to work together more closely today than in the past.

There are ways for enterprises to overcome the silo effect and encourage better communication and teamwork between these two groups, including:

1. Performance measure: Regular performance reviews or self-evaluations should include a focus on interdepartmental cooperation not only as it relates to teamwork, but also with superiors and customers. This is somewhat subjective, but it does encourage cooperation. However, unless closely managed, employees may find creative ways to report on the cooperation measure and not accomplish its intent.

2. Consistent communication: Establish open and consistent communication between the security team and IT operations. Join and participate in IT operations management meetings. Become familiar with their business function and ask to present the company's role in critical asset protection. Share how information security can help IT operations be more effective and mindful of risk mitigation and compliance. Don't rely solely on email or text messages -- pick up the phone or speak face-to-face.

3. Competent contributions: Give IT operations a reason to ask for your advice. They will seek your contributions if they are competent, viable, cost-effective and realistic. Understand how work is prioritized, allocated, processed and completed. Provide value-added contributions based on their objectives.

4. Compensating controls: The CISO needs to be flexible and creative in recommending compensating controls where strict requirements might otherwise create a burden or prevent teams from meeting their departmental objectives.

5. Help teams succeed: Be willing to share the credit in implementing protection measures and risk mitigations. To ensure the company is secure, compliant and effective, speak well of each team to management and praise their resolve and cooperation -- even if it means they take all the credit.

Interdepartmental cooperation is based on a fundamental truth. It's all about helping others meet their objectives, understanding their reservations about reciprocating and adding value with your contributions. It will not be easy and it might even take time to accomplish that level of trust, but you need to take the first step. Ultimately, the enterprise will see the benefits of good interdepartmental cooperation.


This was last published in July 2015
