Expert advice on cybersecurity, cybersafety and cybercrime. Using real incidents, I explain why cyber risks occur, what form they take, and how they affect cybercitizens as individuals, employees, citizens and parents. Opinions expressed in this blog represent my personal views.
Excellent capture of the essence of leadership's approach to Security. If there were no regulators insisting on security compliance by audits, most of us (security professionals) may have to find an alternate career :-). When will business leadership mature and treat security as an integral part of the business strategy?
Information security is not about policies and processes. It's about a mindset. It's a way of life. It's all about change management. Unless the employee genuinely believes in the concept with a sense of belonging, the comic strip above will continue to echo the majority approach to audits.
Information Security is all about practice. We generally pull our socks up at the time of audits, which leads to disappointment at times. I will go with Manish that it's a mindset. We all should adopt it. As practitioners, we should take it seriously. It was a nice representation, Lucius.
I agree with Manish that it is a mindset. It's not a complete mindset change, but a small portion. If every employee/associate contributes that small portion to information security or just security in general, the security practitioners' efforts would be easier. My firm philosophy is that it is truly about education. Education, practice, test and re-educate.
Nicely projected the true scenario of Enterprise. On top of that, the enterprise tries to wash away the unwanted noncompliant processes and objects. The question is: are we performing audits just for the sake of a compliance standard, or are we really looking for streamlined enterprise operation?