Condescending Corporate Communication
28
Condescending Corporate Communication How to stop talking down to people
description
Condescending Corporate Communication. How to stop talking down to people. Blogs. Credible but not convoluted Write with confidence and refinement but not too technical Conversational but not casual Genuine and clear without being too casual - PowerPoint PPT Presentation
Transcript of Condescending Corporate Communication
Condescending Corporate Communication
How to stop talking down to people
Blogs
• Credible but not convolutedWrite with confidence and refinement but not too technical
• Conversational but not casualGenuine and clear without being too casual
• Understanding but not sentimentalUse language that is empathetic and helpful
• Stay away from the acronyms
ComplianceWeek does it right
Paragraphs with no more than a few sentences
Use dashes to draw attention
Use contractions for easy accessibility
Paper
ISACA Jonline 2014 Volume 2: Security Policy—Keys to Successful
Communication
Success
• To be successful: – Know your reader– Write for that audience– Remember that comprehension varies – culturally,
educational range, age, interest level
Remember that the onus is on you to write for the reader
Why this is important
• ISO 27002: an adequate level of awareness, education, and training in security procedures must be provided and that employees, contractors and third parties are properly briefed on their information security roles and responsibilities prior to being granted access to sensitive information or information systems.
Too often the reality is different
The employee is left to his/her own devices to discover the relevant
portions of a policy, read and then understand the
contents lest he/she suffer the consequences of
noncompliance.
This effort would be largely successful if policies were written in such a way as to facilitate understanding from the policy audience at large. Instead, many are written at
reading levels that surpass the ability of the average employee to comprehend.
Recurring Theme: Reading LevelKey study (School Renaissance Institute and Touchstone Applied Science Associates, 2010) showed that that readers comprehend written information best when it is written at their reading level.
US Census Bureau – all surveyed regardless of working status
Studies show that people comprehend at two grade levels lower than the highest grade level attained
Reading Level
Results
Only one quarter to one third of workers read at a high school graduate or higher level
NCHEMS Workforce Study
74.9% of all population in the active US workforce graduated from high school 37% achieved an Associates or better
Reading Level for working population
65%-75% read at 10th grade level(National Center for Higher Education Management Systems)
Grade 9
Grade 9
Grade 9
Grade 10
Grade 7
If only 25%-35% of the workforce will understand and comprehend the policies you write, doesn’t it make sense when they fail?
Should we hold people accountable to policies that they can’t understand?
Roadblocks to Comprehension
• Research has shown that Acronyms and abbreviations are barriers to understanding
• Fluency is an important and potentially independent factor that contributes to comprehension skills– This applies to language (ESL)– Fluency in technical jargon, such as acronyms and
industry concepts, cannot be assumed
Practical Example
• My company employs around 1,400 staff– 65% are machine operators and other unskilled workers with no
requirement for post-secondary education– The other 35% have at least some post-secondary education– Staff are scattered across the US
• Policies are hosted on an intranet site (wiki) and training is conducted annually (CBT)
• Hyperlinks used to:– connect policies to standards and baselines– define terms and point to other resources– show connections between policies
• The intranet portal allows each employee to search the policies
Intranet Cont’d
• Policies are written at a 12-13 grade level – Procedures that support the policy are written at
9-10 grade level and associates are trained on them
– Standards and Baselines are full of terminology and acronyms which are referenced via hyperlink
How do you tell at what grade level you write?
Flesch-Kincaid • System was developed for the United States Navy in 1975 to test the electronic
authoring and delivery of technical information • Used by the United States Army for assessing the difficulty of technical manuals in
1978• Became the Department of Defense standard• Used in common word processors like MS Word• The Commonwealth of Pennsylvania was the first state in the United States to require
that automobile insurance policies be written at no higher than a ninth grade level– This is now a common requirement in many other states
• Two measurements used: Reading ease (chart below) and Grade Level (American grades)
Reading Ease Score Notes
90-100 Easily understood by an average 11-year-old student
60-70 Easily understood by 13- to 15-year-old students
0-30 Best understood by university graduates
Gunning fog index
• Developed by Robert Gunning in 1952• Designed to determine the years of formal
education needed to understand text on a first reading
• Due to limitations in the formula, Flesch-Kincaid is generally preferred over Fog
Coleman–Liau index
• Designed by Meri Coleman and T. L. Liau• Relies on characters instead of syllables per
word• Advantage is that it is easier to automate the
count of characters over syllables
Automated Readability Index
• Was designed for real-time monitoring of readability on electric typewriters
• Like Coleman-Liau, uses characters not syllables
PHP Readability Test Tool
Test Score/Grade Notes
Flesch-Kincaid Reading Ease 44.3
Flesch-Kincaid Grade Level 12.3
Gunning-Fog Score 15.8
Coleman-Liau Index 13.9L = avg # letters/100 words S = avg # sentences/100 words.
SMOG Index 11.8
Automated Readability Index 12.8
Average Readability Level 13.3
http://vanamburggroup.com/tool-readability-test.php
Readability results from the ComplianceWeek Blog post:
Word Lists
• Oldest method used to determine reading comprehension
• Top 1,000 words list (Wikipedia maintains)• Approach recorded as early as 2,000 years ago• Experimentally validated in early 1900s• Word lists are used to define writing styles for
authors of Readers Digest and other magazines designed to be read by the largest audience
Examples
Georgia Technology Authority: Information Security Technology Risk Management Policy
PURPOSE“Risk” is the net negative impact of the exploitation of a vulnerability, considering both the probability and the impact of occurrence. “Risk management” is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. An effective risk management process is an important component of a successful IT security program and an essential management function of the organization.The principal goal of an organization’s risk management process is to protect the organization and its ability to perform their mission. It fosters informed decision making, allowing the security management organization to balance the operation and economic costs of protective measures and achieve gains in mission capability.This policy requires agencies to take a risk-based approach to securing their information systems.POLICYEach agency shall institute an organization-wide risk management approach to information security that assesses the risks (including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction) to information and information systems that support the operations and assets of the organization.Each agency shall develop policies, procedures and select cost-effective controls (based on the risk assessment) that reduce information security risks to an acceptable level and ensure information security is addressed throughout the lifecycle of each organization’s information systems.
Item Notes
Reading Ease Best understood by university graduates
Grade Level Post Doctorate
Make it more readableOriginal text
Slight modification“Risk” is the possibility that something bad or unpleasant (such as an injury or a loss) will happen because of being vulnerable. The amount of risk is determined by figuring out how likely the possibility is to occur and how bad it will be. “Risk management” is how we identify risk, assess risk, and figuring out how to make it less likely that something bad will happen. It is important for us to have a risk management program as a part of our IT security program and it is essential to have it in the organization.
“Risk” is the net negative impact of the exploitation of a vulnerability, considering both the probability and the impact of occurrence. “Risk management” is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. An effective risk management process is an important component of a successful IT security program and an essential management function of the organization.
Reading Ease Best understood by university graduates
Grade Level Post Doctorate
Reading Ease Best understood 17-18 year old students
Grade Level 12th
More from GTADefinition of “Access Management”Access Management - The process responsible for allowing users to make use of IT Services, data or other assets. Access Management helps to protect the confidentiality, integrity and availability of assets by ensuring that only authorized Users are able to access or modify the assets. Access Management is sometimes referred to as Rights Management or Identity Management.
Reading Ease Best understood by university graduates
Grade Level Post secondary degree
Definition of “Malware”Malware, malicious code, malicious software - refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or otherwise annoying or disrupting the victim. Major forms of malware include but are not limited to: viruses, virus hoaxes, worms, Trojan Horses, malicious mobile code, blended attacks, spyware, attacker backdoors and toolkits.
Reading Ease Best understood by university graduates
Grade Level Post secondary degree
SunTrust Privacy PolicyYour privacy is our prioritySunTrust understands that financial information protection is important to you, especially in today’s online environment. With SunTrust's Privacy Policy, you can be assured that we use information responsibly to provide you with the services you request, and to make doing business with SunTrust easier and more convenient.Three things to know about financial information protection at SunTrust:•Because trust is critical to a solid financial relationship, SunTrust outlines exactly how and when your personal information is used in our SunTrust Privacy Policy. (Note: Adobe Reader is required to view the privacy policy documentation. Click here if you need to download Adobe Reader.)•You may have different ideas and expectations about privacy, which is why our consumer privacy preferences make it easy to further limit how your information is shared.•Privacy and security are a must when banking online. Our online privacy practices explain exactly how SunTrust collects, uses and protects information about your online activity.•The most effective privacy protection is the precautions you take to guard your account and personal information. Review our privacy resources to learn how to protect your information.
Item Notes
Reading Ease Best understood by university graduates
Grade Level Freshman in college
Google memoThis Tuesday (1/21), the San Francisco Municipal Transportation Agency (SFMTA) Board will meet to vote on the proposed shuttle regulations we told you about last week. The hearing will take place on January 21 at 1pm PT at San Francisco City Hall (room 400). While we recognized that many of you won't be able to make it during the workday, we encourage any interested Googlers who live in San Francisco to speak in favor of the proposal (please RSVP here if you are planning to attend). While you are not required to state where you work, you may confirm that Google is your employer if you are so inclined.If you do choose to speak in favor of the proposal we thought you might appreciate some guidance on what to say. Feel free to add your own style and opinion.*I am so proud to live in San Francisco and be a part of this community*I support local and small businesses in my neighborhood on a regular basis*My shuttle empowers my colleagues and I to reduce our carbon emissions by removing cars from the road*If the shuttle program didn't exist, I would continue to live in San Francisco and drive to work on the peninsula*I am a shuttle rider, SF resident, and I volunteer at…..*Because of the above, I urge the Board to adopt this pilot as a reasonable step in the right direction
Item Notes
Reading Ease
13- to 15-year-old students
Grade Level Sophomore in High School
Conclusion
• When we use terms and concepts that cannot be understood, and we demand compliance, we appear to be condescending
• Empathy is as important a skill when writing policies or other corporate communication as is a large vocabulary
• It is important to know your audience
