For most people, discussions on information security are “filled with strange names and words that would be gibberish in any other context.” In fact, I lifted that quote from todays Sunday Times and an article in which an American judge talks about Harry Potter novels. It brought to mind an email I received from some-one in my organisation a few days ago which simply stated “thank you, I could actually understand what this means” in response to some information I had distributed, which I took to actually mean “as opposed to the undecipherable hieroglyphics you usually post…”
As an industry, if we were to stand accused of producing gibberish and terms that would be meaningless in any other context then the verdict would be a unanimous guilty as charged. The problem is that this leads people to believe that information security is purely a technical subject, driven by techies, communicating in techno-speak. I like to think that the secret of my own success is clarity in my communication. However, when I look back through some of the messages I’ve recently sent out some of them are full of three letter acronymns and industry specific terminology that no-one outside of the “circle-of-trust” is likely to understand – let alone somebody who doesn’t have English as their first languge.
So, take a note Mrs Jones. Reminder to self – consider the audience and make the messages understandable.