and educated. If any one of the PPT disciplines is over-emphasized within an organization, the result
could be failure – which in turn will negatively impact the organization’s brand, market share, consumer
confidence, and its associates. No matter how many security layers a server is protected by, and how
locked down a server may be by policy – all it takes is one (1) associate who has access to the server
to write their password on a sticky note and post the note on their monitor – don’t laugh – I have seen
it done time and time again – even in the most secure facilities in the world.

If an organization has no process in place to guide its associates, or the technology it has implemented,
on the correct actions and activities to take to be secure – how will the organization be secure?
Ultimately – it will fail at being secure.


Understanding that the three PPT disciplines are different from one another allows an organization
to start building the right tactical and strategic approaches for each discipline, so that each succeeds
within the organization and contributes to achieving the organization’s ideal state. Here are a few
challenges and suggestions that I have encountered over the years for each PPT discipline that may
help you on your organization’s ideal state journey:

A – Process / Organizational

Challenges:

• Security requirements, rules, and policies are weak, not aligned with industry best practices,
or undefined
• Insecure operations, daily procedures not defined or not well defined
• No disaster recovery, business continuity, or break the glass procedures defined


Suggestions to overcome / solve these challenges:

• Share, Communicate, Document, Explain (SCDE)
• Enforce controls, policies, and procedures
• Automate where possible, but only where it makes business sense
• Understand that high-risk procedures are not always the best candidates for automation


B – People / Associates / Human


Challenges:

• Lack of understanding of real business risks and threats
• Managers and Senior leaders have little involvement with defining Information Systems
Security Policies for the organization
• A culture that rewards thoughtlessness, carelessness, neglect, passivity, irresponsibility
• A culture of IT security shaming


Suggestions to overcome / solve these challenges:

66 Cyber Warnings E-Magazine – February 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide