Robert Downey Jr. once said: “I think that we all do heroic things, but hero is not a noun, it’s a verb.” No, Mr. Downey, hero is a noun. However, the man makes an interesting point: in an organization a cybersecurity hero is defined by what they do to help protect the company’s infrastructure from security attacks. We’ll get back to Mr. Downey’s idea later, but when we look at the role of security champions, we’ll see he is definitely on to something.
In a National Cyber Security Centre (NCSC) blog, the UK organization states: “It’s very easy in cyber security to fall into the trap of describing people as the weakest link; ‘they shouldn’t have clicked on the link’ goes the cry; ‘why did they open that attachment?’” Instead, suggests the NCSC, people should be at the heart of security: “We think people are the unsung heroes of cyber security. We want to put people-centric thinking at the heart of cyber security.” And that’s where security champions come in too.
In this article, we will look at who a cybersecurity hero is and why businesses need a modern-day IT Superman. We will suggest that organizations should take a page out of the NCSC’s playbook and make people as important a part of a layered security approach as their physical infrastructure and security software.
What Is the Difference Between a Champion, an Ambassador and a Hero?
Cybersecurity champion, ambassador and hero – these titles are often used interchangeably, but there are subtle differences you should consider before you write your job advertisement. You can call your hero anything you like, but technically, only the hero title implies that the incumbent’s role is that of a change agent.
What Is a Change Agent?
Implementation
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Penny Hoelscher. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/ZNQ-iWXGn7Q/