Make it Meaningful: Everyone is a Stakeholder
Know your audience. Know critical operations. Know relevancy. Know what matters! There are three main audiences that cybersecurity professionals will work with: users, project or information owners, and key stakeholders (i.e., leadership, partners, etc.). Although individuals may fulfill multiple roles, it is important that the message you are trying to get across fits the purpose.
Users
Users are those individuals assigned capabilities to create, process, access, store, transmit, and communicate information using a computer or network service. While technically all personnel are users, in this context, we are referring to general and privileged operators.
Information / Project Owners
Information/Project Owners are those designated individuals assigned the authority to acquire, create, modify, delegate, and destroy information and information systems within their assigned area of control or business process.
Key Stakeholders
Key stakeholders are those individuals who are responsible for the day-to-day tasks and decision-making for the organization. They often hold the highest level of management (e.g., C-Suite) but may include external influencers such as investors and even government agencies.
In the previous section, we discussed the importance of integrating requirements into a formal program that defines and provides guidance on the protection of business data and resources. In this section, we will cover considerations to effectively communicate those established programs and policies.