Recently I wrote an article about why compliance is good and how it can drive security. After I wrote it I saw a conversation on LinkedIn where security professionals were talking a lot of crap about compliance, and I thought, “Was I wrong?” That was a fleeting thought, and I knew I wasn’t wrong in what I had written, but I also knew that we can’t keep complaining about the situation, talk shit, or roll our eyes; we actually have to do something that will impact change or we are just part of the problem.
So what can we do about making a change so that compliance has a positive impact on security?
Let’s start with the reason compliance gets such a bad rap. Security professionals don’t see compliance helping to improve the security posture of an organization, and organizational leaders see it as a cost for something they don’t understand.
It looks something like this: 1) the organizational leaders have a bad attitude about it, thinking “it won’t happen to me” and do the bare minimum for compliance in order to stay in business and avoid fines, 2) businesses are run by business people and they may not truly understand there is a difference between compliance and security, and/or 3) due to the attitude or lack of understanding they don’t provide the resources needed (people, budget, time).
For the leaders, let’s be real: anything that can happen to the other guy can happen to you too. If Target, Sony, Whole Foods, Equifax, and so many more that it would take an entire article to list them all (you’ve read the headlines) can be hacked, so can you.
For the security and compliance professionals, if executives don’t understand the difference between compliance and security, are we really doing our job? Are we making their lives easier or harder? Are we just selling them something and leaving, or are we really advising and consulting?
No one in this world is immune to bad things happening, but these two groups together can do something to improve the odds.
When these two groups come closer together in understanding, conversation, collaboration, and implementation we will actually start to move the needle.
The point of this short article is not a big how to list or more checkboxes. It is an awareness piece. If you are reading this as an executive you have a responsibility to learn more about how compliance and security are implemented in your organization. You must provide the necessary resources.
If you are a security or compliance professional how can you help your clients navigate this so that it isn’t so hard, so expensive, and so daunting? What can you do to help them operationalize security and compliance and make it part of doing business?
I don’t have all the answers, no one does, but we have to start talking about it. We have to stop complaining and start acting. We don’t have to know how; we just have to know it’s possible and that it’s important, but we have to start having different conversations. What problem are we really trying to solve, and who wants to take real responsibility for solving it?
If you want to further this discussion I welcome a conversation; I want to help come up with the answers that I don’t have. I can’t do it alone because there are much smarter people than me out there. But until enough of us come together to solve the problem, and for that matter identify what the problem really is, not much is going to change.
Email sharon@c-suiteresults.com so we can talk in more detail.
You are a successful CEO, passionate about the continued growth and health of your organization.
Because you are responsible for the strategy and success of your organization, you are losing sleep over the continual reports of security breaches, stolen data, and ransomware. It appears that no one is safe anymore.
But all the terminology and acronyms (e.g., cloud, IoT, BOD, APT, IAM, IDS, Pen Test, malware, ransomware, identity access management, patch management, change management...not to mention all the compliance regulations) are overwhelming. And that makes sense, because security is not in your wheelhouse, but it’s in mine! And I can help you!
WHAT I DO
As a 12-year veteran of the information security, audit, and compliance industry, I understand the technology your organization works with and the challenges you face.
I translate cyber security into business terms for executives who want to implement security but don’t know how. I help create the proper internal messaging, education, and shape the organizational culture needed for sustainable success in security.
Too many people believe that security is an IT problem and that simply throwing budget at the IT department equals security. Instead, I help you paint a full picture of your security posture, the risks associated with it, and the most effective strategy to help close the gaps.
Security is not insurance - it is force protection (think of the armed guards in front of a military base). Isn’t it time for you to put the proper protection in place for the long-term health of your organization?
WHAT MAKES ME DIFFERENT
It is rare to find someone with a background that includes in-depth information security knowledge and hands-on experience who also has a business degree and is a Certified Coach. This mix of education and experience equips me to best serve you in creating a long-term, sustainable security culture.
NEXT STEPS
Email me at sharon@c-suiteresults.com or message me via LinkedIn https://www.linkedin.com/in/smithsharonj/