Invite people into the conversation and be prepared to answer questions in a way that makes sense; if you don't know the answer, offer to get back to them. Done right, this leads to a higher level of awareness (see the definition) and a step toward stronger relationships and more security-conscious actions.
The conversations and solutions we need to explore
When Heartbleed winds down, we need to collectively step back and reassess the challenges and opportunities of the industry. We need to explore the challenges we really need to solve.
It likely means discussions about:
- Trust and authenticity on the Internet
- Certificate revocation
- The role and potential need to implement perfect forward secrecy
- Whether we need to consider promoting the wider adoption of two-factor authentication (although the first step is to get basic authentication right - read the 3 steps here)
In the meantime, focus on the five actions for each organization and three steps each of us needs to take. As this unfolds, we'll continue to look for ways to engage and advance the conversation.