
Should Security Teams Be Treated Like Law Enforcement
Cyber Security Teams Stressed to the Hilt
I read a Linkedin post yesterday from Mike Ebbers ( post ) postulating how we might make a comparison between law enforcement and information security personnel. His basic premise is law enforcement does not prevent 100% of crime, but they are not “fired” for not meeting this unattainable goal. So, why are company IT security personnel not held to the same standard?
After all is it realistic to expect our security teams to have a 100% prevent defense? Since, I served time in the law enforcement/intelligence field ( read my story on Linkedin ) this post resonated with me.
Our firm works with security teams in enterprises every day and I can tell you they are dedicated, trained, passionate and STRESSED to the hilt on getting things right. From having the right “tools”, meeting business driven metrics, adhering to overwhelming compliance and regulations to keeping up with all the “new shiny security objects” and the associated noise in the market. Plus, add in the continued bad habits of employees that lead to security risks. It’s no wonder the average life span of a CISO is 2-3 years.
So, what do businesses do to support their security teams and provide realistic and acceptable metrics that have some relevant measurements? Mike’s proposal to define acceptable metrics is a start. How about developing a “risk register” at the business level that drives those metrics and identifies severity of risk and possible solutions that can be applied. We usually ask clients if they have a risk register and often it is “NO”.
Maybe do what Steve Cohen wanted to do when he started up his new investment firm (after being the subject of a SEC probe of criminal behavior) look to hire former law enforcement article
What do you think?
Hey There. I found your blog using msn. This is a very well written article.
I will be sure to bookmark it and come back to read more of your useful information. Thanks for the post.
I’ll definitely comeback.
I am genuinely thankful to the owner of this web site who has shared this impressive article at here.
Spot on with this write-up, I actually think this site needs
a lot more attention. I’ll probably be back again to see more, thanks for the advice!
Hello, the whole thing is going nicely here and ofcourse every one is sharing facts, that’s truly good,
keep up writing.
I could not refrain from commenting. Exceptionally well written!
Wonderful website. Plenty of helpful info here. I am sending it to some friends ans additionally
sharing in delicious. And obviously, thank you in your sweat!
If you would like to take a great deal from this piece of writing then you have to apply these methods to your won webpage.
Great article! We will be linking to this great post on our
site. Keep up the good writing.