To ensure both safety and survival, we all have to recognize our personal responsibility for information security.
Admiral Michael Rogers, the director of the National Security Agency, said he expects a major cyberattack. “It’s only a matter of the ‘when,’ not the ‘if,’ that we are going to see something dramatic.” Many other security experts would agree with him:
- John Masserini, the charismatic Chief Information Security Officer at Miami International Holdings, recently told a gathering of 200+ Chief Security Officers that, “Every day Chief Information Security Officers wake up and worry, ‘Is today going to be THE Day?’”
- Steven Young, VP Security & Risk Management and CISO at Kellogg Company, is similarly candid when he explains, “Security never ends. It is a boxing match that goes on forever. It is just one big beating.”
- Eddie Schwartz, the former Chief Security Officer at RSA, liked to open his talks about information security with a slide featuring one white pawn arrayed against all the black chess pieces.
With quotes and images like this in mind, I queried boards of directors, senior executives, CIOs, and line-of-business directors as to what they were thinking and doing about information security. I specifically asked if we would ever reach a point where someone knowledgeable about the threat landscape would be able to sleep at night. All agreed that the path to less worry involves not only shrinking the attack surface [infosec speak for giving the bad guys a smaller target] but also broadening the defense team [i.e., engaging the entire enterprise in the security endeavor]. Let’s take a look at that second point, because broadening the defense team involves you. And me.
Read the full article here:
Copyright © 2002-2023 John Masserini. All rights reserved.