2011 Information Security Resolutions
Think it’s too late for a New Year’s post? You must not have heard that January 12th is the new January 1st.
I’ve never been one for making New Year’s Resolutions. However, a quick search of the web finds that a lot of folks are. An awful lot of people are looking to lose weight, quit smoking, or get a new job this year. This got me to thinking; what are my InfoSec resolutions for 2011? It sounds like the perfect topic for a Five Things article.
- Don’t be satisfied with doing things ‘the way we’ve always done them.’ This is a problem not just for security folks, but in all areas of business. Change is how great things happen. As we continually seek to do more with fewer resources, finding inefficiencies in our processes and systems will become more important. In 2011, I don’t ever want to shoot down an idea simply because it’s not the way we’ve done things before.
- Strive for security, not settling for checking boxes. I’ve written about this many times in the past, but the tension between security and compliance is as real as ever. Compliance is required, of course, but it’s not enough. I will continue to strive to use my compliance initiatives to drive in real change, and real security, rather than settling for meeting my regulatory or audit requirement.
- Expand my knowledge into new technologies. The information security field is blessed with a great group of vendors and developers who continue to create better tools and systems. These companies continually push security technology forward, giving us new tools for protecting and detecting in our environments. In 2011 I will continue to learn more about these technologies and how I can better take advantage of them in my organization.
- Better align the security initiatives I work on with the business objectives of the company. Security does not exist in a vacuum. We are employed for the express purpose of helping our organization meet its objectives. If we accept that as true, shouldn’t we also accept that in order to do our jobs properly we need to understand the company’s objective? In 2011 I want to work harder to figure out where the business is going, and how I help it get there.
- Learn from (and network with) the InfoSec practitioners around me. Both in person at ISSA and ISACA meetings and security conferences, and online through twitter, linkedin, blogosphere and Infosec Island. There are so many brilliant people out there doing original thinking or perfecting the practice of information security. In 2011 I’m going to work hard to learn from these people.
Happy New Year!
Connect with Robb on Google+