With the rise of digital transformation initiatives in 2020, a Chief Information Security Officer's (CISO) already stressful work environment has become even more complex.
"A post-pandemic world has spawned other challenges for security professionals with the rise of remote work, like making sure data remained secure in an environment that wasn't constantly monitored, Zoom hacks, secure API integrations, and dozens of other issues. CISOs are facing more scrutiny about security posture from the Board of Directors than ever.
CISOs needed to be on top of their game, because, in addition to those high-risk challenges, countless businesses found themselves fast-forwarding their digital transformation initiatives to adapt to the new normal. 2020 has been coined the year of the great accelerator because initiatives that had been put on hold were now suddenly necessary to support remote work. With the lack of in-person face time, combined with security risks, many businesses were playing catch-up as threat models and control points changed, and they seemed always to find themselves one step behind..."
Every organization needs to have security measures and policies in place to safeguard its data. Along with risk management plans and purchasing insurance policies, it's one of the best and most important ways to protect your data, your employees, your customers, and your business.
An information security policy brings together all of the policies, procedures, and technology that protect your company's data in one document.
According to Infosec Institute, the main purposes of an information security policy are the following:
- To establish a general approach to information security.
- To detect and forestall the compromise of information security such as misuse of data, networks, computer systems, and applications.
- To protect the reputation of the company with respect to its ethical and legal responsibilities.
- To observe the rights of the customers; providing effective mechanisms for responding to complaints and queries concerning real or perceived non-compliances with the policy is one way to achieve this objective.
In addition, information security is a key part of many IT-focused compliance frameworks. If you're doing business with large enterprises, healthcare customers, or local, state, or federal government agencies, compliance with standards like SOC 2, HIPAA, and FedRAMP is a must-have and sometimes even contractually required. A detailed information security plan will put you that much closer to compliance with the frameworks that will make you a viable business partner for many organizations.
For anyone schooled in the sales discipline, this key tenet, "hope is not a strategy," is at the core of consistent, predictable performance.
"The book has been around for some time but it still resonates today. This same notion applies to security and risk management. All too often, security teams are reacting to the latest threat, struggling with maintaining policies on their security gateways and buried in alerts and access control issues.
Despite decades of investment in defense-in-depth strategies, many CISOs are hoping they won't be next. This is where isolation comes in. What if, rather than responding to attacks after the fact, businesses can prevent them from reaching workers in the first place? Not only is hope not a strategy, but it's bad for business. The 2020 IBM Data Breach Report put the cost of a breach at $3.86M in damages. Per breach. Seriously..."