Your company’s data and network are critical infrastructure, no different than a warehouse, a bank vault, or a loading dock. While the latter items are physical and tangible, information security isn’t, which seems to create a disconnect for some. In the game of budget prioritization, the physical items seem to creep to the top of the priority list, and things like information security (InfoSec) fall by the wayside.
Most CEOs, COOs, and CFOs understand that there is a need to give some treatment to the issue of InfoSec, but few are really digging in. They are not always listening to the CIO or CISO when they tell them that there is a real need for InfoSec funds, and a need to create corporate awareness and systemic frameworks on how their company will institute an InfoSec program.
I say it’s time to take the bull by the horns and address the issue head on!
Yes, that is really me, and no, it’s not photoshopped at all. I was really in the ring with a bull and I really broke my ribs because of the hit. I was playing a rodeo game where I stood inside of a hula hoop and hoped that the bull didn’t want to use me as a toy. That didn’t work out so well, but it is a good illustration for this article. You must be willing to grab the InfoSec bull by the horns and then deal with whatever body blows happen from there. It will likely create some internal opposition, and it may make some people unhappy. Your company will ultimately be better for it, though.
If you are the business owner, an officer of the company, a manager, or a board member, you should be driving the InfoSec message at every opportunity. The reality is that there are malicious people out there in the world who wish to do your company harm. One of the easiest ways to do that is to compromise your critical infrastructure, and your network and your data are prime targets. Again, using the critical infrastructure analogy I started with, you wouldn’t ignore a warehouse issue or a broken loading dock, and you should not let the scariness of InfoSec prevent you from starting to implement best-practice InfoSec.
The decision to take InfoSec seriously is realistically one that should have adoption from the board level down and should include your board members. Let me share a story from a friend who is a C-suite-level manager at a household name company. He told me once over a beer that the board of directors at this well-known company was so fundamentally committed to their information security program that they actually knew obscure details like how many users and machines they had attached to the network. They even know the InfoSec policies from memory and regularly ask intelligent questions about the current environment.
THIS is the sort of approach that you need to adopt at your company, and yet many find InfoSec too daunting, elusive, scary, and expensive. None of these need be true. At FRSecure we help our clients create awareness about InfoSec, help plan and implement policies, and assist every step along the way. We are vendor agnostic on software and hardware (really), and can even provide a virtual chief information security officer (vCISO) if you are limited on budget but need a part-time CISO.
FRSecure is here to help. We are experts who have been in this industry for over 10 years and have your interests in mind, not a piece of software or hardware that we want to sell you. We really want to fix the brokenness of the InfoSec world. The decision is an important one, and you should consult a security professional when you are evaluating your needs. We are happy to help and look forward to working with you.
Jump into the arena, take the bull by the horns, and put your company’s information security in a good place.