dcsimg

Five Myths Holding Your Security Program Back




1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Next Five Myths Holding Your Security Program Back-2 Next

Level of Control

Myth #1: Security success depends on the level of control you have over your environment.

The Reality: It's not about implementing more stringent controls. What's more important is having better visibility into your organization's data. The primary point of risk is anywhere data is in motion. Just having controls everywhere is insufficient. If your controls fail, chances are you won't even notice. Most organizations victimized by data breaches are discovered by a third party.

Dan's Advice: The shorthand advice here is: "Focus on data visibility, not the controls." Controls can't be effective without real visibility on data movement. This is the primary focal point for any successful security regime. With better visibility into what is happening to the data, the controls you develop will be more intelligent.

One could argue that cybersecurity is the most intellectually demanding profession on the planet. The rate of change is so great that no challenge is ever solved and no problem ever resolved completely. That said, security failures more often result from a lack of direction and focus, not of skills or resources.

The five myths in this slideshow, identified by Dan Geer, were selected because they address pain points common to many organizations, and successfully addressing them will give reasonable assurance of some quick wins. In reviewing this list, continue to ask yourself how to apply the advice to your organization and its unique cybersecurity ecosystem. The myths endeavor to challenge you a bit on how you think about the difficulties we all face.

Dan Geer is the chief information security officer at In-Q-Tel, a not-for-profit investment firm that works to invest in technology that supports the missions of the CIA and the broader U.S. intelligence community. Previously he was chief scientist at Digital Guardian (formerly Verdasys). Geer was a key contributor to the development of the X Window System as well as the Kerberos authentication protocol while a member of the Athena Project at MIT in the 1980s. Shortly after, Geer created the first information security consulting firm on Wall Street in 1992, followed by organizing one of the first academic conferences on electronic commerce in 1995. Geer is also the past president of the USENIX Association where he earned a Lifetime Achievement Award.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

PAM PAM Solutions: Critical to Securing Privileged Access

To protect the company from those insiders who abuse their privileged access and from hackers with stolen credentials, many companies are turning to a privileged access management (PAM) solution. ...  More >>

Fake news How Can We Fix the Fake News Problem?

Is fake news a security issue? Some say yes, as it can be used as a social engineering tool to spread disinformation and conceivably to get unsuspecting users to click on malicious links. ...  More >>

blockchain The World According to Blockchain

Blockchain comes with many costs and is surrounded by confusion. Here, we examine realistic use cases, drawbacks and the potential of blockchain. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 

By submitting your information, you agree that itbusinessedge.com may send you ITBbusinessEdge offers via email, phone and text message, as well as email offers about other products and services that ITBbusinessEdge believes may be of interest to you. ITBbusinessEdge will process your information in accordance with the Quinstreet Privacy Policy.