Recently a lot of newsworthy security incidents have taken place. A common thread through many is not that they were sophisticated or required lots of time to plan and execute, or even that the victim had not invested in a lot of whizbang security technology which led to them not noticing the attack. The common thread much more simple: that fundamental security measures were not being taken by the organisation. Things like turning off accounts when people left the organisation, removing disused technology from the network, and the reuse of passwords by staff amongst public-facing and internal systems.
The fundamentals make it easy for attackers to get into networks and systems, both enterprise and personal, and are all things that we can each work on individually and within our organisations to improve and make the attacks that much harder for the bad actors to execute. This week’s episode discusses those fundamentals and how to approach them.
The “slide” that is often referenced in the episode comes from a talk that Dan gave to the National Information Standards Organisation (NISO) last week on why it was so important to maintain the security of their systems. The whole presentation deck is available at http://slideshare.net/secratic/security-is-an-enabler-not-securing-is-an-inhibitor-249421889 and the specific slide is on Slide 8.
Thanks for listening. You can subscribe to the podcast on your favourite podcast application or by visiting our website https://www.greatsecuritydebate.net/subscribe. Please let us know what you think by leaving a comment in the podcast application’s rating section or emailing us email@example.com
- The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win: Kim, Gene, Behr, Kevin, Spafford, George: 8601404253799: Amazon.com: Books
- Amazon.com: The Unicorn Project: A Novel about Developers, Digital Disruption, and Thriving in the Age of Data eBook: Kim, Gene: Books
- Home – Chaos Monkey
- The Great Security Debate Episode 21: Why Does My CISO Hate Me?
- Presentation: Security Is an Enabler, Not Securing Is an Inhibitor
- Transforming Content Through Transformed Systems | NISO website
- Largest US propane distributor discloses ‘8-second’ data breach
- Private Communication Coaching for Business Leaders & Teams
- A CISO’s First 100 Days
- The 18 CIS Controls
- Five Whys and Five Hows | ASQ
- BeyondCorp Zero Trust Enterprise Security | Google Cloud