To ensure both safety and survival, we all have to recognize our personal responsibility for information security.
Admiral Michael Rogers, the director of the National Security Agency, said he expects a major cyberattack. “It’s only a matter of the ‘when,’ not the ‘if,’ that we are going to see something dramatic.” Many other security experts would agree with him:
- John Masserini, the charismatic Chief Information Security Officer at Miami International Holdings, recently told a gathering of 200+ Chief Security Officers that, “Every day Chief Information Security Officers wake up and worry, ‘Is today going to be THE Day?’”
- Steven Young, VP Security & Risk Management and CISO at Kellogg Company, is similarly candid when he explains, “Security never ends. It is a boxing match that goes on forever. It is just one big beating.”
- Eddie Schwartz, the former Chief Security Officer at RSA, liked to open his talks about information security with a slide featuring one white pawn arrayed against all the black chess pieces.
With quotes and images like these in mind, I queried boards of directors, senior executives, CIOs, and line-of-business directors as to what they were thinking and doing about information security. I specifically asked whether we would ever reach a point where someone knowledgeable about the threat landscape would be able to sleep at night. All agreed that the path to less worry involves not only shrinking the attack surface [infosec speak for giving the bad guys a smaller target] but also broadening the defense team [i.e., engaging the entire enterprise in the security endeavor]. Let’s take a look at that second point, because broadening the defense team involves you. And me.
Read the full article here:
Copyright © 2002-2019 John Masserini. All rights reserved.