ALL Security is Local

Saturday, May 22, 2010

Ron Baklarz


Thomas P. O’Neill, the father of former Speaker of the US House of Representatives Tip O’Neill, once said that “all politics is local.” He offered this axiom after his son experienced his first, and last, political loss. The wise father was advising his son that he needed to be aware of, and work harder on, the political issues in his own backyard in order to achieve success.


In considering this concept, it struck me that it may be equally true that “all security is local.”


1.      Culture – one of the primary factors in building successful information security programs is to determine the culture of your organization.  Will it be easy or difficult to implement the various security initiatives that you have planned?  I have had the opportunity to work in government, military, and private sector organizations.  In the military experience, implementing security was much easier than the experience I had while at the American Red Cross.  The sentiment at the Red Cross was that no one would want to do harm to this great humanitarian organization.  I spent from September 11th through Hurricane Katrina thwarting the evolving cyber-related fraud and attacks associated with those and all catastrophes in between.   


2.      Threat Profile – by definition, the very nature and business of your organization will constitute a threat profile.  While many cyber attacks are opportunistic (i.e., looking for the easy targets and latest exposures for exploitation), many are focused on specific organizations and industries such as banking, military, etc.


3.      Environmental Factors – you need to determine how conscientious your technical staff is in performing routine activities such as patching systems, deploying anti-malware updates, and effecting rigorous testing and change controls.  Sloppy account management and administration will be a major hole in your security.  It’s the little things that count.


4.      Education and Awareness – make sure your employees and contractors are aware of security policies and adhere to them.  Routinely publish awareness materials and remember to “Trust but verify”.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
