Regularly the President of the United States delivers the State of the Union address. This practice "fulfills rules in Article II, Section 3 of the U.S. Constitution, requiring the President to periodically give Congress information on the "state of the union” and recommend any measures that he believes are necessary and expedient.".

What if you as an information security leader held an information security State of the Union address with the explicit purpose of educating both your leaders and business partners on your information security program and the areas of focus for the next year? Communicating to those who are not in our area is certainly a challenge; however, the benefits outweigh the effort in several different ways.

By being intentional at sharing the state of your security union, you can not only deliver the status of your program but also equip your leaders with information they can quite literally share in environments that your team is not able to attend.  

What are some candidates to include in your State of the Union?

  • Effectiveness of your program
  • Opportunities to improve your program
  • Communicate recent achievements
  • Demonstrate stewardship of your resources
  • Show how your team supported objectives of your organization
  • Possible actions that you want others to take
  • Clear call to action to the leaders to increase support, funding, and staffing
  • Opportunity to receive feedback

How are you communicating the State of Your Security Union? Please leave what works in our comments section below!

Russell Eubanks

ISC Handler

SANS Instructor

@russelleubanks

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Internet Storm Center Infocon Status