Improving information security with one simple question
by Brian Honan - Head of IRISSCERT - Monday, 17 December 2012.
Why are vendors pitching story after story about the above issues? Is there a genuine concern that we should be aware of, or is it simply a way for vendors to make companies more nervous about their security and therefore buy their products? Is all the talk and hype about cyber-warfare and cyber-weapons something that we all should worry about or is it a way for vendors and other interested parties to create a perceived need for governments and industry to provide funding in this area? By asking “why are these stories appearing in the first place?” we can better understand the issues that really affect us as professionals, as a community and also affect our organizations.

The question “why?” should not just be reserved for vendors, pundits and those in the information security industry - we should also look into our organizations and ask the same question of them. We need to better understand the business that our organizations are conducting so we can better protect them. By engaging with our business colleagues and asking them the question “why?” we can better understand the issues the business is trying to address. It can help us eliminate unnecessary distractions and allow us to focus on delivering real value and benefits to the organization.

Let’s stop being distracted by the “who?”, the “what?”, the “where?” and the “when?”. Let’s focus instead on the “why?”. It is time to reignite the curiosity that drove the early pioneers of the security community and make “why?” a useful tool once again.

Brian Honan is an independent security consultant based in Dublin, Ireland, and is the founder and head of IRISSCERT, Ireland's first CERT. He is a Special Advisor to the Europol Cybercrime Centre, an adjunct lecturer on Information Security in University College Dublin, and he sits on the Technical Advisory Board for a number of innovative information security companies. He has addressed a number of major conferences, wrote the book ISO 27001 in a Windows Environment and is co-author of The Cloud Security Rules. He regularly contributes to a number of industry recognized publications and serves as the European Editor for the SANS Institute's weekly SANS NewsBites.

