• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Student360
  • About
    • Secure360
    • UMSA
  • Secure360 2022
  • For Sponsors
  • For Speakers
  • Get Involved
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

Let’s be honest; let’s talk about what’s happening

January 8, 2013 by Michael Kelly

CollaborationToday’s cyber security landscape is littered with regulations, best-practices, arms races and ever-increasingly complex technology tools. As technologies advance, so must the controls we use to secure them. To this end, companies do the obvious; they educate people in technologies and securities, they implement the myriad tools and processes required to keep up, to keep secure.

But there is an oft overlooked ingredient that, when combined with all of this hard work and development, can give not only your company, but many other companies, an upper hand. It’s often overlooked because it’s difficult.

What is it? Its open communication among organizations talking about real security breaches and incidents they’ve experienced. Until organizations share this information, setting up defenses against a force we don’t fully understand will be expensive with little to no payback.

We as security professionals are not doing a good job of “opening the kimono” and talking honestly about our security postures or our vulnerabilities. Ellyne Phneah talks about several reasons for non-collaboration in a ZDNet article March 9, 2012. Outside of regulatory reporting requirements, Phneah notes that one of the reasons for keeping hush-hush stems from the desire to protect our reputations. Other reasons are seated in a basic lack of expertise; knowing how and when to report and analyze security breaches.

Here are some initial steps organizations and individuals can take to start opening up conversations – to start collaborating:

  1. Before you do anything, the management team within your organization has to agree that this type of collaboration is acceptable and allowable. Your company and its leaders have to be comfortable with discussing sensitive issues facing the organization with outsiders.
  2. Look to partner and collaborate with similar companies. You can set up face-to-face meetings with peers in these organizations to talk about shared experiences. Of course, confidentiality must be maintained. A non-disclosure agreement (NDA) serves such a purpose.
  3. Establish agreed upon methods to regularly share incident and event information with peer organizations. This information could become fodder for discussion in face-to-face meetings.
  4. Encourage thought leaders within your organization to participate in external professional security organizations. With the right level of caution, this type of collaboration can yield great insight into new and innovative methods of countering cybercrime.
  5. Encourage corporate leadership’s participation in thought-leadership forums and summits. With company leadership plugged into the heartbeat at a CXX level across corporations, lower level thought leaders within the company can form stronger, more trusting relationships with their peers in those same companies.

The importance in openly and honestly sharing breach, incident and event data with outside entities is growing. We can no longer plan our defenses in the vacuum of secrecy behind the walls of our organization. There is a wealth of shared knowledge that can make everyone stronger and wiser. Our job is to begin paving those door-opening roads with our peers.

Filed Under: Guest Posts

About Michael Kelly

Mike Kelly was the president of the Upper Midwest Security Alliance (UMSA). Mike has been an information security practitioner for over 15 years. He has built consulting companies focused on systems management and security. As well, he has working in large corporate environments, focusing on IT infrastructure security, application security and risk management. Mike’s career has spanned all aspects of Information Systems, from development, to research and design, to systems and infrastructure. Mike is an entrepreneur at heart and will take any opportunity to build partnerships through strong relationships. In his spare you can find Mike either with his children, on his bicycle or simply outdoors.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Secure360 Conference
    Secure360 Conference: New post alert! Learn more about our awesome 2022 @UMSAOrg #scholarship winners https://t.co/C8VnqX3wWW
    about 4 hours ago

  2. Secure360 Conference
    Secure360 Conference: With so much fun had this year, we're eager for next year! Mark your calendars for May 9-10, 2023 back at Mystic La… https://t.co/Cbk0abnNSO
    about 1 day ago

  3. Secure360 Conference
    Secure360 Conference: With #Sec360 2022 officially in the books, we wanted to share a little recap of the fun! https://t.co/iMPwAp1Kac … https://t.co/kk7xRUXoRo
    about 4 days ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2022 Secure360. All rights reserved.