Why security pros fail (and what to do about it)

06.12.2010

A second common mistake that security professionals make is to take a one-size-fits-all approach to cybersecurity. We see things as black and white: for example, either it's encrypted or it isn't.

The common perception is that enterprise architecture teams come up with a great design that the programmers, network guys and everyone else agrees to, only to have security come in and offer a "solution" that totally changes the architecture. They want to add firewalls, zones, restrictions, new black boxes and more, so much that the cost increases keep the project from moving forward. While the security staff may view providing this kind of answer as a can-do approach, others see it as creating impediments.

Key #2: Offer 'Gold, Silver and Bronze' Options. Try to offer at least three alternatives. Look for other solutions from Gartner, Forrester, tech magazines and colleagues at other companies. Check with industry associations, former coworkers and outside experts who can help come up with a range of solutions. Help the business understand the risks associated with each option, then let its members make the final selection.

One warning: Watch out for people who always pick the cheapest answer. Don't offer alternatives that won't work or that you can't live with. If the mood in the room is totally low-cost, make sure that the risks are made clear before agreeing to deploy a "bronze" approach.

You might even have to bring in an outside expert to brief everyone. If you have a bad relationship with the business people, consider allowing them to pick the expert, but make sure the person has credibility in the area being discussed.