• LinkedIn Social Icon

© 2023 by Kim L. Jones.  All rights reserved.  Proudly created with Wix.com

Connect
Please reload

Search By Tags

January 8, 2018

October 23, 2017

October 9, 2017

April 20, 2017

April 18, 2017

Please reload

Recent Posts

A Three-Pronged Approach to Protection

October 5, 2017

1/4
Please reload

Featured Posts

Is It Really "All About The Data?"

February 5, 2017

As we look back on 2016, we are once again faced with a plethora of data breaches which resulted in the exposure of hundreds of millions of records across this nation, I admit I am left wondering whether or not our data truly has value anymore.

 

Don't get me wrong:  I still wholeheartedly believe and support the need for organizations to take a more proactive and holistic approach to protecting our data.  This includes (but is not limited to) things such as focusing beyond compliance; proactive threat intelligence; skilled resources; and a proactive defensive posture which focuses on all portions of the cyber kill chain.  But let's pause for just a second:

 

  • How many companies have gone out of business because of a data breach?

  • How many organizations have seen an unrecoverable loss in valuation after a data breach?

  • How many folks reading this have stopped utilizing services and/or associations because of a data breach?

 

See what I mean?  As upsetting as data breaches have been, at a macro level we have collectively devalued the importance of data confidentiality  to a point where its loss creates a smaller and smaller ripple in the world and in our lives -- and does not drive behavior change.

 

There are scores of theories as to why this might be the case; I will leave that discussion to the behaviorists and social scientists.  For the security professional, though, it is worth understanding this paradigm around data.  While discussing  data breach and its components with the business leadership may have some value, utilizing a loss of confidentiality to help energize a security program may not get you the traction you are hoping for - even if the breach occurs at a competing organization.  We are better served by focusing on how our programs and efforts maintain the integrity of the data as well as its availability to our customers and our internal organizations.  If you are beating the data breach drum as a mechanism to garner support for your programs, do not be surprised if you keep coming up short.

 

My two cents...

 

 

 

 

Share on Facebook
Share on Twitter
Please reload

  • Google+ Social Icon
  • Facebook Social Icon
  • LinkedIn Social Icon
  • Twitter Social Icon