The Security and Privacy Merge: It’s A Good Thing
Like peanut butter and jelly or milk and cookies, the security and privacy fields just go better together.
Both communities have started a slow but steady commingling in recent years, all with the goal of improving information protection measures on a large scale. And for good reason.
Consider any one of the major name-brand data breaches within the last few years. The hit against health insurer Premera Blue Cross last January, for example, or the massive Target data breach in 2013. The first word that likely comes to mind after “data breach” is “security,” though all that compromised data has huge privacy implications for those customers or clients affected. Premera didn’t offer two years of free identity-theft protection to affected clients out of the goodness of its heart.
An Emerging Convergence
We’re especially excited to see this convergence made evident at the upcoming RSA® Conference 2016, one of the largest information security conferences in the world. A number of session topics will discuss the shared interests of security and privacy, including a half-day long session on the first day of the conference entitled “Privacy and Security: Working Better Together.”
Info sec news site BankInfoSecurity recently discussed the emergence of privacy as a hot topic at the traditionally security-focused RSA Conference with Michelle Dennedy, chief privacy officer for Cisco Systems.
“Dennedy, the recently appointed chief privacy officer at Cisco, says privacy has often seemed to be a bolt-on topic at the RSA Conference. But this year, she sees it getting the spotlight it deserves,” BankInfoSecurity’s Tom Field wrote.
Information as Commodity
At the heart of the convergence of security and privacy is the recognition of that thing called “information” as a commodity, and an incredibly valuable one at that. A “critical asset,” as Dennedy put it in her interview.
“So when we’re seeing people taking care of their virtual assets, as they would a currency asset, then I think we come to an entire new precipice of what a privacy professional is,” Dennedy told BankInfoSecurity. “How they need to integrate with the financial people, with the technical people, with the marketing people, and with highest of the executive level.”
Bringing It All Together
We’re thrilled to hear talk of such integration from the CPO of a company as influential as Cisco Systems. But there’s one more critical asset that cannot be left out of the equation: the employee. After all, your employees are the ones handling all this vital information. A vital piece of any information protection program is making sure your employees know just how important that information is.
Employee awareness programs, then, are where discussing security and privacy together makes the most sense. While C-levels and other managers likely already see how these two issues intertwine, instilling this knowledge in boots-on-the-ground employees is key.
With training on information protection presented on two connected fronts, employees can begin to see the information they handle as more than just names and numbers. Connecting privacy and security awareness programs allows employees to appreciate how one affects the other, and how even relatively minor failures in either can have catastrophic consequences.
As with all awareness programs, the goal of intermingled security and privacy awareness training should be to equip employees to make better information protection decisions that ultimately reduce risk for the organization. But more than this, cementing this connection early and often through training will better prepare your people for this brave new world of security and privacy working together.
So bring on the security and privacy merge! That vital asset called “information” will be better protected for it.
MediaPro will be at RSA Conference 2016, Feb. 29 through March 4, in San Francisco at booth #3125. Connect with us there, or contact us to set up a time to discuss your awareness program goals.