Cyber Security + Compliance Controls: What Does It All Mean, Rick?

I’m sure you have all seen the Rickie Fowler commercial where the interviewer rants about all of the confusing financial terms involved with getting a mortgage. If not, you can find it below:

Confusion in Cyber Security

Throughout my career, I have worked with hundreds of organizations. Regardless of the vertical or size of the organization, I have found that many executives and security professionals feel like the interviewer in the Rickie Fowler commercial when it comes to their organization’s digital security. They don’t know where to start, for instance, nor are they aware of where and how today’s ever-evolving risks and threats affect the respective organization. As a result, they’re not sure how to best invest in digital security, focus their limited personnel around defending against digital threats and/or build a sustainable and effective security and compliance program.

In my line of work, it has also been my experience that foundational controls are often taken for granted, overlooked, considered boring and/or simply ignored. Compliance is, for the most part, a reactive process. Organizations throw everything and everyone at preparing for an audit, only to go back to business as usual when it’s over until the next audit cycle.

Like the interviewer in the Rickie Fowler commercial, business and security executives face a daily barrage of sales calls claiming that they can strengthen their organization’s digital security by buying the new shiny thing. In their pitch, the sales person references all of the new digital threats that are in circulation, all of security terms that are applicable to these risks and how they can, in turn, use this new shiny thing to solve all of their security and compliance challenges. Business and security executives then inevitably turn to their teams, like the interviewer in the Rickie Fowler commercial, and they ask (Read more...)