Protection of Data and Prevention: Advice for Chief Executive Officers, Managers, and Information Technology Staff

You and your people are both the problem and the solution.

Call it cybersecurity, information security, data security, or information assurance; the world has a problem with it. Whatever your rôle in an organization, you are not only a part of the problem: you are a critical part of the solution.

First, we consider what is actually happening “out there,” and how to define the problem. To a large degree, what we see is a matter of mechanism being put to surprising uses. This is the essence of a hack, and it is not necessarily malicious.

Quickly turning our attention to malicious and unauthorized activity, we look at what organizations need to do to protect themselves. Critical elements include education, engagement, and management. Effective security strategies we present include running a program in-house and subscribing to a third-party program. Tactics that we discuss include various types of security assessment and technology evaluations.

Whatever the mix of strategy and tactics you use for your organization, remember that everything you do has an inherent element of risk. Your goal is not to make risk zero, but to make risk acceptable, given the return that you expect. Even when security failures occur, they can be managed, and need not be catastrophes—as long as you’ve properly managed risk along the way.