CISSP For Dummies

We are agents of change in our respective organizations: The state of threats and regulations is ever changing, and we must respond by ensuring that our employers’ environments and policies continue to defend our employers against harm. Here are some of the important principles regarding successful agents of change:

• Identify and promote only essential changes

• Promote only those changes that have a chance to succeed

• Anticipate sources of resistance

• Distinguish resistance from well-founded criticism

• Involve all affected parties the right way

• Do not promise what you cannot deliver

• Use sponsors, partners, and collaborators as co-change agents

• Change metrics and rewards to support the changed world

• Provide training

• Celebrate All Successes

 Remember   You’re not here to preach, but to recognize opportunities for improvement and lower risks to the business. Work within your organization’s structure to bring about change in the right way. That’s the best way to reduce security risks.