Weekly Data Protection & Compliance Links: July 17, 2015

Once again, we’ve gone digging through the Internet to compile some of the best reads on security and data protection we could find. This week we bring you epic security fails (that resulted in job losses), a new hire to help the c-suite sleep better at night, an employee-backed rally for stronger security policies (what?) and more!
Why Cybersecurity Leadership Must Start at the Top – John Chambers and John N. Stewart, @Cisco
If the past year has shown us anything, it’s that companies should no longer ask if they are going to be hacked and instead when.
Well, hello! Now that we have your attention…
In a piece penned by John Chambers, chairman and CEO of Cisco, and John N. Stewart, senior vice president, chief security and trust officer at Cisco, the case is made that security must become a top business priority. It is no longer a choice for CEOs and board members – it’s a must. That’s because the pace of these incidents requires boards and the c-suite to make fast and effective security decisions that protect the business–both from a market perspective and a reputation perspective. When we have conversations about security, it’s no longer just about protecting the information, it’s also about maintaining trust with the public and customers, building company reputation, as well as safeguarding data, IP, and critical infrastructure. That requires a top down approach to security, and one that needs to be ingrained in your culture. If you haven’t yet adopted a security-aware mindset, you’re already behind the times.
Employees Embrace BYOD, But Still Worry About Privacy – @HelpNetSecurity
Fact: More employees are using personal devices to perform work-related functions. My guess is you already knew that. What’s interesting is that, according to a recent survey from Tyntec, your staff is performing their core job duties with little or no governance from the organization, thanks to sluggish adoption of Bring Your Own Device (BYOD) policies. What’s even MORE interesting, is that it’s employees who are most often voicing their concerns about the lack of oversight. That’s right—employees want better protection and clearer security policies, and it’s the IT department that’s failing to deliver. Welcome to the security Twilight Zone.
The problem seems to be that creating BYOD policies involves new thinking and additional effort to educate and inform the workplace of its obligations and responsibilities. In many cases the notion of BYOD conflicts with traditional IT policy–you’re applying corporate IT rules to a device you don’t own, that you didn’t spec, and whose software you have no control over.
While it may seem like new territory, the burden is on security departments to get these policies in place, and to get them into the hands of employees who are so desperately seeking them.
Why Hiring CCSPs Will Help The C-Suite Sleep At Night – David Shearer, @ISC2
Do you toss and turn late at night worrying about the many cloud computing security issues in the news? Thank goodness we’re not the only ones! David Shearer had a great post over at (ISC)2 about why hiring a cloud computer security professional (CCSP) may be just what the doctor ordered to lull you back to sleep. He argues that the growing adoption of cloud services has increased the demand for security professionals able to set the proper controls to public, private, community, and hybrid demand models. He also shares a stat I did not know—cloud computing was identified as having a growing demand for education and training. What are you doing about that?
By hiring a CCSP, companies will benefit from possessing the knowledge, skills, and abilities needed to address security and business issues associated with cloud computing, as well as benefitting from the recurring savings that occur when businesses make a modest investment in staff training and certification. Ah, training, always helping to improve a business’ bottom-line. 😉
14 Security Fails That Cost Executives Their Jobs – Thomas Claburn, @ThomasClaburn
We’ve seen it before. Company X suffers a security breach and it’s plastered all over the Internet for the next 10 days. Then, High Ranking Person from Company X “unexpectedly” resigns and a new person is appointed. Our friends at InformationWeek compiled a list of 14 such occurrences, serving as a powerful reminder that it sure is more cost effective to invest in a security awareness program than to face the true cost of a data breach, updating systems, software, and senior management. As the article states, there is no job security when your job is security.
