# Exercise: "Decoding Security-Speak"

Consider the following security statements:

- "We need to implement a web application firewall to address OWASP Top 10 vulnerabilities."
- "Our environment contains several systems with RCE vulnerabilities requiring immediate patching."
- "The latest threat intelligence indicates increased APT activity targeting our sector."

How might these be translated into business-relevant statements? For example:

- "We need to implement additional web protection to prevent unauthorized access to customer data that could lead to regulatory penalties and reputational damage."
- "Several critical systems have vulnerabilities that could allow attackers to take control of them, potentially disrupting operations and compromising sensitive information."
- "Sophisticated attackers are increasingly targeting our industry, requiring enhanced detection capabilities to protect our intellectual property and customer information."

Identifying and translating jargon within your organization can help bridge the communication gap between security and business teams.

***

(c) [Kayne McGladrey](https://kaynemcgladrey.com/) - [Get the full book "Cyber Risk is a Myth"](https://www.routledge.com/Cyber-Risk-is-a-Myth-A-Business-Approach-to-Integrated-Risk-Management/McGladrey/p/book/9781041249054)