Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 27 September, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

CISO view – Drastic times call for drastic measures

by The Gurus
November 17, 2014
in Opinions & Analysis
Share on FacebookShare on Twitter

In general, it is not a good idea to for security to prevent functionality, without providing an alternative means by which the business can get their work done.

As an example, under normal circumstances, the unavailability of a technology (or not providing a solution in the first place) by which to work when telecommuting or at home will likely lead to ‘shadow IT’ in the form of either utilising cloud based sharing solutions or personal email.

Business users will always find a way to perform the tasks they need to, regardless of the technical or procedural rules we put in place. However, in the case of the US Postal Service recently, if the suspicion is that a vulnerability in the VPN led to a breach of some , there is likely to be a wider acceptance of this short term measure ‘drastic times call for drastic measures’.

I don’t doubt however that since the internal directive was issued, workers are already finding ways to get things done from afar!

The cause of the breach at the US Postal Service has not yet been detailed, but one thing is for sure – it is likely to be a combination of people, process and technology failures. In this industry we often still suffer from “after the horse has bolted” type motivation to fix issues, we can but hope that in this particular case its the shock they need.

One of the important lessons that security functions have learnt over the last few years has not been about how to identify or prevent such activities but how to react when they do happen.

Something that I have been working on recently and something that I watched with interest is the way in which organisations externally address such breaches within the media. Organisations range from one end of the spectrum to the other; those that are quick to openly address their failures and the lessons learnt at one end, with those that bury their heads in the sand and pretend it hasn’t happened at the other.

In this day and age breaches are an inevitability not a possibility, and as security leaders we must get our heads out of the sand and prepare for that day to come. Work with those who are adept at external communications to craft messages conveying regret, but with a stout resolution to learn and grow from such events, committing to minimise the damage to customers or employees from this or any future breaches.

The benefit of swift and honest communication prior to any breach will not only benefit your organisation, but will resonate throughout the security industry. The times of pretending everything is 100 per cent secure are long gone: consumers, customers and employees are all beginning to realise this, let’s not insult their intelligence by refusing to the except the obvious.

Admit that these things happen and learn, grow and improve, but importantly never make the same mist
ake twice and always have the customer (whether internal or external) at the heart of everything you do.

Businesses and business functions that succeed generally do all of the above, why should security be any different?

Craig Goodwin is vice president of information security

FacebookTweetLinkedIn
Tags: BreachCISOFunctionalityShadow ITTechnology
ShareTweet
Previous Post

Anonymous take down KKK websites and Twitter accounts following taunts

Next Post

Gh0st Rat Comes Back To Haunt Us

Recent News

CREST and IASME announce partnership with the NCSC to deliver Cyber Incident Exercising scheme

September 26, 2023
partnership

Cyberelements Partners with ABC Distribution Partners to Revolutionise Privileged Access Management in Europe

September 26, 2023
Adarma Names James Todd as Chief Technology Officer, Reinforcing Dedication to Security Operations Excellence

Adarma Names James Todd as Chief Technology Officer, Reinforcing Dedication to Security Operations Excellence

September 25, 2023
Nurturing Our Cyber Talent

Nurturing Our Cyber Talent

September 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information