Transparent Decision Making by Security Professionals

Context

As a security professional, I make a lot of security decisions that affect engineering most of the time, other teams many times, and sometimes the whole organization as well. Recently I observed that transparency is often missing from those decisions. Below are my thoughts on this and on how to make it better.

What is transparency in security decision making?

Transparency in a decision making process means that everyone understands both the decision-making process and the thinking behind any decision in which they have an interest.

Why is it needed?

The benefits are obvious, but to name a few: it leads to better trust, collaboration and cooperation.

How to be transparent in decision making?

  • Be transparent with yourself about the decision first. The decision maker should be very clear about why and how they made the decision. If the decision concerns a complex problem or use case, try to document it where possible.
  • Collaborate with stakeholders (wherever possible) during the decision making process.
  • Communicate the decision to stakeholders – Communicate not only the decision but also why it was made and the process or methodology adopted to reach it.
  • Feedback and Improve – Take feedback from stakeholders and refine the decision and the related process if needed.