2. Let’s focus on the getting the basics right before we start worrying about any new threats or the latest cool vendor solution. Ensuring that basic security controls are in place and working as they should is not an easy task, particularly for large enterprises. Remember: without the basics controls in place, the new headline grabbing threats are not what you should be worried about as you are more likely to be breached as a result of an existing threat. Also, if you cannot get the basic controls working what makes you think you will be any more successful with the latest and greatest vendor solution?
3. Communicate proactively and clearly to senior management and the business. Whenever you see news headlines that will raise questions at senior management level, make sure to put your context on that story and highlight what you have in place to prevent it impacting on your organization. Communicating regularly with the business will also cement you - and not the media - as the trusted source for information security news.
4. Ask questions! Every time you hear a vendor, a conference speaker or read an article that makes statements without providing context or gives statistics without providing the data, ask yourself what are they trying to achieve? Don’t be afraid to challenge these sources and get clarification on how they are using data to support their arguments. Always ask why.
5. Finally, let’s work together and share information on how we can better protect our networks, systems and data. If you’ve managed to successfully implement a solution to a particular problem, share it with your peers. Post it online in a blog post or as a white paper. Consider li presenting it at a conference. It need not be a major conference - start with your local chapters of ISSA, ISACA, ISC2 or OWASP.
Our job as information security professionals is a challenging and exciting one, but let’s make sure the work we do is based on facts and logic and not on hyperbole and headlines.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.