CSOs Should Take Advantage of Rising Security Awareness
Imagine my surprise: At Office Depot I picked up a pack of black Uni-ball pens and discovered that Uni- ball is selling them based on purported security benefits.
By Derek Slater
September 13, 2006 — CSO — The packaging boldly proclaims that these pens help prevent check fraud. Fine print explains the threat of check washing and boasts that the chemicals in Uni-ball's gel ink bond more tightly than dye inks to the paper fibers of the check, so the writing can't be washed away. There's even a stamped "approved product" endorsement from .
Security at the heart of the marketing message for a humble consumer item like the writing pen.
Big deal, eh? In fact, yes. It's a small sign that signifies a sea change of which CSOs should take full advantage. Namely, the average bear—the one who's been ignoring your security awareness newsletter for a few decades—is now becoming attuned to the risks that surround him.
Identity theft is the crime that has captured the public's attention. Here let's tip our caps to state Sen. Steve Peace and Assemblyman Joe Simitian, principal authors of California's SB 1386 statute, because without 1386 none of this would have happened. (September 11 evoked a different kind of security awareness—one soaked with a more visceral fear but, for the everyday citizen, lacking much action she could take other than avoiding airports.)
The upshot is that because people are rightly concerned, you have a chance to position yourself as an ally instead of as a stern schoolmarm, to be regarded as a provider of handy expert advice, not droning lectures.
CSO Managing Editor Michael Goldberg has added a piece called "Pass It On" to the Briefing section in every issue of the magazine. Our aim is to provide action-oriented material that you can forward to various audiences—sometimes the CEO and board (as in the case of July's article on protecting intellectual property), more often to the rank and file (see June's step-by-step instructions for monitoring consumer credit reports). This month we offer a quick take on security metrics that can help inform peers such as those in HR and legal about how your department works (see Page 16).
Material of this sort has always been popular among our readers as they seek that most elusive of beasts, the Security-Aware Employee. The difference now, if Uni-ball's packaging is indeed an indication of the prevailing winds, is that the audience is ready to listen.
So instead of starting your employee reminders with a policy diatribe and a threat of dismissal for noncompliance (surely you haven't actually been doing that very often?), send out a message that says, "A number of our colleagues here at Acme have expressed concerns about identity theft. The security group has created some resources to help you with tasks such as protecting your personal finances."
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
IT risk assessment frameworks
How to do end-to-end encryption
How to compare and use enterprise antivirus
Also find sample data protection policies in CSO's tools, templates and policies library
- Introduction to VMware vCenter Site Recovery Manager 5
- Introduction to Virtualization
- Preventing Unplanned Downtime with Server Virtualization
- Secure Cloud Infrastructure and Next-Generation Data Centers - An Interactive Panel for Decision Makers
- Gartner Next Generation Network IPS Webcast
- Understand Your Data: The Future of Backup and Archiving
- Overcome Top 7 Admin Challenges of Active Directory
- Insiders Can Ruin Your Company. Take Action.
- Top Solutions and Tools to Prevent Devastating Malware
- X-Ray of the PCI Process-4 Proactive Steps
- Streamline Compliance and Increase ROI
- Beyond SFTP: Five Ways Secure Managed File Transfer Can Improve Your Business
CSO Corporate Partners
- Patch Tuesday preview, February 2012
Microsoft published its Patch Tuesday Preview for February of 2012 a few minutes ago. IT admins can expect nine bulletins to address 21 security vulnerabilities.
It looks like four bulletins will be rated critical while the rest are designated as important.
Affected Microsoft products are:
- M86 report proves water is wet
- Actor, banker, soldier, spy: Suits and Spooks Anti-Conference aims to redefine security
More Salted Hash with Bill Brenner
