ABSTRACT
However, to create and maintain the professional respect of
staff outside of the information security organization, the
valuable information security skills of the team must be
articulated and expressed to create a positive, trusted image
with internal customers. Active listening and communication
delivery skills must be honed and a foundation set in standard
business and management terms, not information security
jargon. This opportunity of polished facilitating is an entry
to another opportunity in the discovery process, that of the
discoverymeetings themselves.When the information secur-
ity team has the chance tomeet with other internal customers,
an opportunity arises to create partnerships and allianceswith
other members of the organization. Finally, these initial
meetings give leeway for demonstrating and articulating
the different ways a risk assessment discovery process adds
value to the business area by providing an avenue to
re-examine their information, assets, and processes that sup-
port them. That is the opportunity these teams have purely by
the mechanics and outcomes of the discovery process.