The attack surface continues to expand and has made the job of the CSO increasingly complex and challenging. It's not just technology alone anymore but increasingly it takes the village to secure the enterprise. The village of internal and external partners and the end-users all using and sharing effective technology and security best practices makes for a better and more secure organization. For many of us we have sown the seeds of this partnership and technology a while back and it is now that time of the year to give thanks for the harvest that our security 'village' has yielded to us.
1. A good night's sleep
With data breaches happening almost every week or so it seems, security teams have to be 'always on' and thankful for a good night's sleep, when we can get it.
2. Security aware users
Alert and security-aware users are our best line of defense. The more aware our users are the less likely they are to fall for phishing attempts and therefore reduce the number of attacks.
3. Information security staff
Good staff is hard to find and more importantly hard to keep. Grateful that we have retained our talent for another year
4. Great executive management support
Just like the information Technology team, executive support is key to a successful information security program. Without executive support much of the information security program stays in the policy document only and it is only with their support that information initiatives can be funded and take off.
5. Great Information technology partners
Without the help and support of the information technology team, our task of securing the network would be nigh impossible. An effective patch management program is only as effective as the IT team that is implementing it.
6. Next generation firewalls
If there is one technology that I had to pick to be thankful for it is next gen firewalls which allow for tremendous visibility, and application of security controls in a central and managed manner.
7. Great business partners
Other teams such as compliance, privacy, counsel, internal audit, vendor management all need to play nice with information security program to achieve a higher level of organization security. With data breaches top of mind, good and close relationships with counsel and privacy partners are especially important for incident response and breach management.
8. Law enforcement upping their game
There seems to be a big uptick in law enforcement involvement in information security with many local and federal agencies establishing programs for sharing and outreach with other law enforcement agencies and the private sector. Only good things can come from this.
Sign up for CIO Asia eNewsletters.