Friday, October 16, 2015

Improving the readability of your reports

If you want to get ahead in DFIR (or any security discipline), your reports have to be understandable. I regularly see people who are more valued by senior leadership, yet less technically adept, get ahead simply because their reports are easier to digest.

I can't recommend enough that you improve your writing style and avoid complicated language wherever you can. One of the tools I use for this is the grade level check built into MS Word. Of course, not all parts of a report can avoid technical jargon. But when writing an executive summary, I try to stay at or below the 7th grade level.

Apparently I'm not the only one to take this to heart.  California's annual data breach report notes that the average reading level of notices sent to consumers about data breaches was 14 in 2012 and 13 in 2013.  Since most of our populace doesn't read at this level, this is obviously problematic.  Organizations that send breach notices using language the target audience can't understand can expect mistrust to be the outcome.  The California breach report specifically notes:
"While concerns about litigation risks may cause companies to draft notices in legalistic language that is less than accessible, we encourage companies to work with communications professionals to improve the clarity of their notices. Good writing can make the notices more readable, using techniques such as shorter sentences, familiar words and phrases, the active voice and a layout that supports clarity."
Organizations seeking to instill confidence in customers should use plain language in breach notifications.  Security professionals looking to instill confidence in executives should do the same.  If you use language in the executive summary that your executives can't understand, expect negative outcomes.
