Let's be clear: "NOTHING is SECURE!!!" For those of us who are under the delusion that systems are unbreakable, that is not so. Eternal vigilance is necessary in the changing landscape of cyber existence. As in our physical world, you have to adjust to the environment.
In an article today, "'Secure' Windows 10 S Hacked Wide Open in 3 Hours", Andrew E. Freedman described the hack of Windows 10 S (the OS sold with the Microsoft Surface Pro) by Matthew Hickey, the security researcher hired by ZDNet for the job and co-founder of cybersecurity firm Hacker House.
Human beings are ever insightful, innovative and creative. That skill, coupled with a misguided conscience, will cause havoc. Therefore those of us with the responsibility to ensure system availability and the productivity of an organization must be ever vigilant.
While many may think this is the domain of the security personnel or the CIO and his team, this is actually the responsibility of the leadership of the organization. Yep, I called it: the Board, the C-suite. Governance puts the right people, with the right tools and levels of access, in place, which enables an active, innovative security posture.
Governance is about creating and maintaining value for the customer: internally, the staff/employees of the organization, and also the external customer, because it is the customer that ensures that the bottom line is met. They spend the money for the products and services. Ensuring that the value chain is secured from end to end, resulting in the delivery of products and services to the customer, is the domain of the governance team, i.e. leadership, Board, C-suite. These are the people who make the decisions on how the money is spent to secure the systems that provide service to the customer.
Security is only part of the picture; the breaches that are seen or noticed are the tip of the proverbial iceberg. It, and IT, always comes down to people, because it is people that do the hacking to get to information about people that are using a product, to then sell that information to other people. So in a real sense security is a people problem.
Decisions at the top enable functionality at the system and other touch points within the organization. As proven by the above-mentioned article, the people that use the system are of critical importance. Understanding the thinking and creating an environment of aware and vigilant users is not something that can be legislated, but must be seen as part of the DNA of the organization. Therefore the human beings that come to work in the organization must be part of the collective thinking that enables the organization to function securely.
Roger St Hilaire is a Student of Life, an IT Strategist and Governance Specialist. He has spent many years in the field as a consultant for large and small organizations. He blogs about current happenings across various subject areas that connect to Governance. He can be reached at firstname.lastname@example.org. Check out his current blog at www.reshglobal.com/blog