IT executives still find it tough to pitch projects to board-level executives, with both groups struggling to find a common language.
Commonwealth Bank of Australia information assurance executive manager Rob McMillan said it will be a long while yet before IT and management really understand each other. The difficult problems are "often not technical but about managing perceptions", he said.
McMillan said it is the responsibility of IT to educate management by making its executives more familiar with technical terms and, ultimately, more IT-savvy.
At the same time, he said technical staff need to broaden their understanding of business to pitch within a framework that meets the goals of the company.
"It is important to educate nonspecialists because IT means very little unless it's adapted to a business language [business] executives understand. Find out what their goals are and demonstrate how you can help them achieve it," McMillan said.
"If you have a vision communicate it well and understand your audience. This means giving people measurable success and demonstrating the benefits."
Don't be shy about marketing "your triumphs but be prepared to put forward weaknesses as well", McMillan said, speaking at the Auscert Information Technology Security Conference 2002 on Queensland's Gold Coast today.
"Let them know this is what we did [with a project] and 'I told you when we built this we would benefit'. Reinforce your win two years down the track," he said.
Western Australian Department of Industry and Technology information assurance manager Jim Meneely said it is tough pitching IT security projects because of the myth that security is IT's job to take care of anyway and is not a management issue.
Meneely said there is still an attitude that it's OK to just buy security products 'out of the box' and discard any kind of policy framework or strategy.
He said the pitch should focus on "business risk management" and demonstrate how security projects can be an ROI enabler.
"Liability issues can be presented in a business framework to demonstrate that IT security isn't simply a cost," Meneely said.
A network security officer, who wishes to remain anonymous, said it is important to keep the message simple and offer a range of options.