Secure360

How 3 steps + 4 best practices can significantly improve your security posture

May 2, 2014 by Theresa Payton

Did the Heartbleed virus give you a heartache and headache all at the same time? The last 12 months of headlines are not just a rough patch for organizations regarding cybercrime. They are a sign of escalating threats and new tactics deployed by cybercriminals.

Need proof?

“Cyber security” as a ranked risk moved last year to the top 3 risk factors faced by businesses on the Lloyd's of London Risk Index. If cybersecurity were an Olympic athlete, that’s the equivalent of taking home the bronze medal when you were a lonely and forgotten 12th place finisher only 2 years ago.

The first question executives typically ask me is, “How much security is enough security?” The answer is a complex one and should be individualized to your organization’s risk tolerance. Consumers and business professionals alike should focus on the fact that internet security will always be changing. Every new technology that we adopt becomes tomorrow’s attack surface for cyber criminals.

Combating internet threats requires a comprehensive approach. Start with these three steps:

Step 1:

Not all digital assets are of equal importance! The first place you have to begin is to answer the question, “What digital assets that we create and own are worth protecting?”

Step 2:

You need a neighborhood watch program! Understand your vendors’ security measures, actively share information within your peer group about cybercrime, and proactively develop relationships with law enforcement.

Step 3:

People, process and technology are key. Tools, processes and employee awareness must also be fine-tuned in order to safeguard your organization.

Based on my time in the banking industry, the White House and serving our clients, I have some ideas on how to change the conversation, save you time and money, all while improving your security posture. We have to change the security conversation to this:

We will be hacked, and when that time comes, we will be ready.

Instead of a pure tool focus, the emerging best practice for improving your threat posture is a focus on best practices:

  1. Golden rule: security & privacy first
  2. Security = revenue
  3. WD40 your technology supply chain
  4. You will be breached eventually; rapid response and recovery are key

We can point to plenty of examples where security was built after the system was designed. When you do that, it feels as if a car salesperson handed you a bag of balloons and duct tape and said, “This is your car’s air bag, be safe!” Security and customer privacy must be your golden rule before you build one framework. Security should be and can be a revenue generator.

How does that happen? By forming a security practice in your company with a framework to formulate ideas and foster innovation.

I have seen security actually transform the customer experience and I will share some real problems and real solutions with you when we meet at the Secure360 Conference in May. Some of the best and brightest security teams do not realize they have rusty leaks in their supply chain. WD40, or the way to prevent and remove rust, requires an upfit and update of your vendor management program.

All companies need to practice a digital disaster at least once a year. Name your worst digital nightmare and create a scenario-based exercise to test out your rapid response and recovery plan. Make it realistic, time yourself, and grade your performance during the exercise. Be brutally honest with yourself about what is missing in your rapid response plan and work on improving your grade.

Want to learn more about these 3 steps + 4 best practices? Join me at Secure360 this May!


About Theresa Payton

Theresa Payton is one of America’s most respected authorities on Internet security, net crime, fraud mitigation, and technology implementation. As White House Chief Information Officer from 2006 to 2008, the first woman ever to hold that position, she administered the information technology enterprise for the President and 3,000 staff members. Prior to working in federal government, Payton held executive roles in banking technology at Bank of America and Wells Fargo.

As founder of Fortalice, LLC, a security, risk, and fraud consulting company, she now lends her expertise to organizations large and small, helping them improve their information technology systems against emerging, amorphous cyber threats. In 2010, she was named by Security Magazine as one of the top 25 “Most Influential People in Security.” She serves as a cyber expert for the syndicated program America Now and is co-author of Protecting Your Internet Identity: Are You Naked Online? 

Payton candidly equips audiences with far-reaching lessons on how to protect the growing millions who use the Internet daily as well as the organizations who are on the front lines of fending off rapidly evolving, infrastructure-crippling cyberattacks.
