Secure360

Sometimes, doing less is more in cybersecurity

May 28, 2015 by Secure360 and UMSA

Copyright: Dragon Images/Shutterstock

Let’s be positive about security for a minute. Let’s put away all the doom and gloom stories about companies not investing enough in security and just accept that for right now. No, we don’t all have the security budget or staff we want, but that doesn’t mean we are destined for tragedy; most of us have less than we want, but we could be doing more with it.

3 choices for security resource management

Robb Reck of Dark Matters wrote a series of articles on resource management for security professionals and came up with three options for those with limited resources:

  • Be a hero: Work 60 hours per week to make up for the lack of resources.
  • Lower the quality of work: Spread your resources thin so you can do more stuff.
  • Do less stuff: Prioritize and do higher quality work in fewer places.

While plenty of us have seen people and companies that operate on option one or two, those are both unhealthy and less secure options. Quality over quantity. It is better to do higher quality work in the most important, vulnerable places than to do low quality work everywhere.

How to do less

Doing less security work requires that you eliminate tasks strategically so you are not leaving your company’s data vulnerable.

Step 1: Inventory processes

What is everyone doing each day? Don’t assume. Ask everyone on your team what projects they are working on because you never really know if someone started something new and never told anyone—or stopped doing something and never told anyone.

Step 2: Match your processes to business goals

Are your efforts aligned with business goals or are they going unused? To complete this step, talk to people inside and outside your department. Find out why your department is doing what it is doing and then check to see if that reasoning is still valid. Sometimes you might find out that your team has just been doing things because “it is the way they have always done it,” but the process is no longer needed.

Step 3: Prioritize

The first projects you can ditch are the ones you found out were no longer needed during Step 2. Next, eliminate anything that is not in line with business goals. You don’t have the resources to be going above and beyond. Finally, you may need to eliminate some security projects. This is not ideal, but it is the reality of your situation. Do a serious risk assessment of all your security projects and eliminate the ones with the least risk associated with them. At the Secure360 Conference, Yan Kravchenko presented on a new project that helps businesses prioritize application security programs. It may look simple right now as a few PDFs and spreadsheets, but the information you gain will help you make informed decisions on which security measures will be the least risky to eliminate.

Steps 4 & 5: Create a plan to eliminate processes and enact it

The most important part of Step 4 is making sure there are no business needs left unmet when you eliminate your processes. You may need to hand off some business needs to another department or come up with a simpler, less resource-consuming way for your department to meet them.

Yes, our jobs would be easier with unlimited resources, but that is just not the reality we are living in right now. Take the time to figure out how your company can do less and be more secure.

Filed Under: Business Continuity Management, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.
