2012 Enterprise Information Security Resolutions
I can’t believe it’s already been a year since I wrote my last Resolutions post. Overall, I believe those resolutions hold up pretty well. I’ve taken a few minutes to think back over 2011 and see how I did at achieving my resolutions… I am reminded that this ride isn’t a simple pass/fail endeavor. With that in mind, here are my 2012 Enterprise Information Security Resolutions.
- Successful information security is about making progress. It’s not reasonable or sustainable to expect all risks to be remediated as soon as they are discovered. Instead, my goal for 2012 will be to establish a positive trend, working toward improving security consistently and manageably.
- Become an expert in the business. Yes, being the expert in information security is critical to my success, but formulating effective security strategies requires more than just knowing security; it requires knowing how my company works, inside and out. What will be the effects of making that security change? Which business functions are most critical to the company’s success?
- Don’t trust technologies to fix security problems. All too often we are presented with technologies that can ‘fix’ our security issues. While we absolutely must have those innovative technologies, they are seldom going to fix the root issue, and they will NEVER fix it without the proper support, analysis and scoping to make the technology work.
- Be a positive change agent in my organization. Security can often be seen as a road-block or impediment to progress. I must go into every project meeting, and hear every new technology request, not with a mind toward how hard it will be to secure, but toward how I can insert security into the process to make it better and safer for the business. My immediate response will be ‘how can I accommodate that?’
- Learn from cross-functional experts. Security doesn’t really exist as its own discipline. Information security is really a subset of application security, network security, email security, and many others. This resolution is more about a mind-set than anything else. I want to ensure that I view security as a part of a bigger picture within each of these disciplines and leverage those functional experts to understand context.
2012 is going to be a great year.
Connect with Robb on Google+