With EoY and the new year upon us, most of us are doing our customary close-out/planning activities in both our personal and professional lives. For us in infosec, 2020 will surely be another doozie of a year, with breaches, data disclosures, tighter regulations, and plenty of shiny objects to keep us distracted.
There are so many predictions, celebrity threats, and ransomware fiascos that we often forget that there are some key fundamentals that will help drive significant maturity in your infosec programs. From knowing what you have, who may want it, and how they could get it, to what you’re doing to prevent, detect, and respond to threats and breaches, these 10 IDR resolutions for 2020 are sure to keep you busy:
1. Know what you have that is of value to attackers and where you keep it
Most breach incidents are financially motivated, so knowing what you have that attackers covet is the first step in determining where you need to invest in defenses. Do you have PII? PHI? Designs for the next big widget? Email addresses? Email addresses AND names? Passwords? Each of these pieces of data carries value in the black market.
To complicate things, some of these pieces of data are governed by regulations and laws. And, as if that weren’t enough, some data is governed by unwritten social contracts where your user base might abandon your brand because you shared usage information with third parties.
You cannot adequately build a security program if you don’t know what that security program is intended to protect, and at what level.
In 2020, we should resolve to know exactly what we’re protecting and the impact of losing it, then ensure all employees are trained on proper d ..
Support the originator by clicking the read the rest link below.
