Five Myths Holding Your Security Program Back

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Next Five Myths Holding Your Security Program Back-3 Next

Data Discovery and Classification

Myth #2: Effective data protection must start with a lengthy and complex data discovery and classification process.

The Reality: Data discovery and classification are important, but be practical. It's disabling to your efforts to march step by step in a linear quest to attain the perfect schema. Discovery and classification are ongoing processes that are never complete. Continue to rely on them for mid-course corrections.

Dan's Advice: Start with building a baseline set of protections based on data context. There are fewer kinds of context than there are types of data. Start with the assumption that breaches are inevitable and base your contextual hierarchy on where the critical IP resides. Focus on blocking or blunting the effect of an attacker's potential malicious activities, which is most likely a small and reasonable number of potential actions. Combining context awareness with transfer visibility makes your data protection schema more scalable.

One could argue that cybersecurity is the most intellectually demanding profession on the planet. The rate of change is so great that no challenge is ever solved and no problem ever resolved completely. That said, security failures more often result from a lack of direction and focus, not of skills or resources.

The five myths in this slideshow, identified by Dan Geer, were selected because they address pain points common to many organizations, and successfully addressing them will give reasonable assurance of some quick wins. In reviewing this list, continue to ask yourself how to apply the advice to your organization and its unique cybersecurity ecosystem. The myths endeavor to challenge you a bit on how you think about the difficulties we all face.

Dan Geer is the chief information security officer at In-Q-Tel, a not-for-profit investment firm that works to invest in technology that supports the missions of the CIA and the broader U.S. intelligence community. Previously he was chief scientist at Digital Guardian (formerly Verdasys). Geer was a key contributor to the development of the X Window System as well as the Kerberos authentication protocol while a member of the Athena Project at MIT in the 1980s. Shortly after, Geer created the first information security consulting firm on Wall Street in 1992, followed by organizing one of the first academic conferences on electronic commerce in 1995. Geer is also the past president of the USENIX Association where he earned a Lifetime Achievement Award.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

Privacy rollback Security Pros Give Their Opinions on ISP Data Privacy Rollback

IT staff, organization leaders, and the average citizen have all expressed levels of concern over the FCC about-face in regard to ISP privacy. Here’s what the security experts say. ...  More >>

IT security skills 7 Top Skills for Security Pros

Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ...  More >>

IT security careers The Most In-Demand Security Jobs and How to Get Them

Security professionals are in demand right now, and entry-level security jobs generally fall into either an engineer or analyst role. Find out more about required skills and career paths. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.