New Year’s Resolutions from Rook Security Pros

By Rook Security. Published in SECOPS, Jan 5, 2015.

Want a New Year’s resolution that doesn’t involve going to the gym or losing 15 pounds? Rook Security’s consultants have put together the following security-related resolutions for you and your company to consider.

I resolve to…

[Get Serious]

  • “…work with information security professionals to ensure they truly understand our business.” -Chris Blow
  • “…hire based on talent and capability rather than exclusively based on certifications held.” -Randy Wray
  • “…push my Board of Directors to make an investment in understanding our levels of IT risk.” -Luke Klink
  • “…refine my message to executive management, to speak their language, and enable the business to work within acceptable risks.” -RW
  • “…make information security part of the process and not an add-on commodity.” -CB

[Get Educated]

  • “…know where my critical or sensitive data is, what assets support the data, what controls keep the data safe, and monitor the data, assets, and controls.” -Arlie Hartman
  • “…define risks.” -RW
  • “…gain visibility into my information assets so I can make informed, risk-based decisions.” -RW
  • “…properly scope my [FISMA, PCI, Whatever] boundary and determine appropriate risk tolerance.” -RW
  • “…make sure my staff has the education/training/capabilities we need to detect threats, take appropriate actions, and continuously improve our security posture.” -RW

[Get Proactive]

  • “…not utilize procedures in the place of policies.” -Justin Baxtron
  • “…be a champion in helping raise security awareness.” -CB
  • “…not rely on ‘cyber insurance’ as an integral part of my overall information security program.” -CB
  • “…not blindly throw technology at ‘problems,’ but formally assess issues to ensure we apply appropriate layers of people, process, and technology.” -LK
  • “…acknowledge that some automated processes are not a substitute for a professional.” -JB

Do you have any other New Year’s resolutions you would add to the list? Let us know at info@rooksecurity.com!
