By SecureWorld News Team
Tue | Feb 24, 2015 | 2:27 PM PST

Having been in the security profession for over 16 years, there are many things that keep me up at night, especially depending upon what is in the news. Lately, with everything that has been going on in my personal and professional life, I continue to wonder whether people are really getting the message about protecting personal and business information.

Those of us in the security profession look back over the years and see the same vulnerabilities continuing to appear in software and in networked environments. Yes, the bad guys continue to change, but taking 10 to 15 years to eliminate vulnerabilities that continue to exist is not good business sense. Information technology knows there are ways to do things more securely, yet does not make the time to do it right the first time.

From a business perspective, instead of keeping up at the speed of light, we need to slow down to understand the business, technical and security requirements to ensure the technology uses people, processes, and technology to build the solutions that protect information assets. From the human side, we now hear about things in the media so fast (right or wrong, good or bad information) that those who are not technically savvy may not understand what might really be going on. From the human perspective, we also need to slow down to ensure that information disseminated about events has less technical jargon, has more business information, and is in simple words. We are overloaded with so much information that we do not know, and may not listen to, what really needs to be done to protect our information assets.

Stop. Think. Connect. We should do this in our personal lives; why don't we do this in our professional lives also? That is what really keeps me up at night.

--------------------

Sandy Bacik, author and former CSO, has over 16 years of direct information security experience in the areas of IT Audit, BCP/DR, Incident Response, Physical Security, Privacy, Regulatory Compliance, Policies/Procedures, Operations and Management. She also has an additional 15 years in Information Technology Operations.

Ms. Bacik has managed, architected and implemented information assurance programs in a variety of environments and developed methodologies for assessments, audits and security policy writing. She has performed and managed engagements for a variety of assessment types to ensure corporate compliance.

--------------------

Don't miss her presentation, "Secure Personal Mobility," at the Charlotte SecureWorld Conference on February 11, 2015.
