Posted by: David Scott
content management, data breach, data security, data theft, IT plans, IT security, security plans, security policy
Awareness, Action and… Imagination
In Pt. II of this series, we ended by saying that we need awareness and action. We need collaboration with other organizations in mounting a broad front of proactive protection. We need everyone’s engagement as a stakeholder and owner of the organization’s health and surety: You don’t want to work in an unsecured environment, do you? You want business healthy and whole today, tomorrow, next year, and so on…
Almost any action is preceded by awareness. But being aware of threats, so as to mount prudent action of protection, still isn’t enough. Imagination is key. Prudent imagination.
The Security field continues to mature. The security-leader and his or her team can take advantage of best knowledge through review and appropriate sizing of solutions that have been evidenced elsewhere. This can be achieved by assessing peer solutions. Also look to partner with other corporate, community, and even law enforcement entities: stay alert for leverages that drive down cost, and grant sharing of solutions.
When participating with local, national and even global IT/Security entities and resources, be certain to consider new, growing, and evolving threats – and your required level of protection and response.
Watch for evolving expectations regarding privacy, confidentiality, and associated protections vis-à-vis developing threats (the key here is “developing” threats – not manifest ones that have already popped your security bubble).
In your Finite inside world, battling the outside’s Infinite, how do you determine the appropriate investment in mounting efficient, effective, security? Try comparing your investment to that being spent by peer institutions – and measure against their return.
Be certain your organization engages staff (the joint owners of security) to boost security awareness and responsibility.
As follow-on, use real breach incidents, both internal to the organization and external, to highlight “lessons learned” in mounting prevention of similar events.
Engage staff by asking them to research and teach security seminars within the organization – regularize the schedule. This helps to keep costs down while creating a real security force within the organization.
Measure your security campaign’s effectiveness through survey.
Of course, the real test and measure will be your organization’s overall immunity to breach and loss.
August 25th: On this date in 1922, the Cubs beat the Phillies, 26-23, in the highest scoring major-league game.