Cybersecurity

Been a lot of places and I’m going to be from here

Things that are true are often heard too much, and we become "immune" to them. Other things are true but not heard often enough. This is especially true at information security conferences. My list (add yours, please):

Heard too often:
- You need to have an information security policy
- You need to learn how to talk security to the "c-suite"
- Awareness is the key; your technology can't protect you from untrained workers
- Just signing that form when they're hired doesn't get them committed to your security program
- Just clicking through the annual training doesn't get them committed to your security program
- XYZ company was PCI compliant when they were hacked
- You have some things that aren't subject to security regulations like PCI or HIPAA

Not heard often enough:
- Control testing should never stop
- You and your staff are part of the workforce; what are your practices?
- If everything is encrypted, then nothing is
- People, by and large, want to do the right thing
- Your commitment has to be to the security of the enterprise
- If you think a nation state is really targeting your enterprise, you need to make contacts with law enforcement

One thought on "Been a lot of places and I'm going to be from here"

  1. I’m tempted to move “You have some things that aren’t subject to security regulations like PCI or HIPAA” to the other column. The more I look, the more it seems there are actually *not* that many people acknowledging that some data which needs protecting is not subject to regulation at all. More on this in my next post.
