You may have tried to complete one of those larger than life mazes in which the walls of the maze were lined with hedges. There was no way over the hedge, under the hedge or through it so you had to follow the course of the maze using trial and error to forge a path through. Everywhere you looked all you could see were identical looking hedges and as such your view of the maze was limited. Now what would have been useful is someone with a view of the entire maze such as an aerial view or a map to help guide you through.
Now let’s go back in time a few hundred years and consider the explorers of the 16th through to the 19th centuries. Their quest was to map out the details and in doing so gain a bigger picture of sections of the world. There were many places yet to be discovered. Cartographers would be required to map coast lines, terrains and other important landmarks.
Now let’s come back to the present and think about today’s view of the world. It is much more complete thanks to satellite imagery. In fact, if you are lost you do not resort to hand drawn maps or even pick up your atlas, or street directory any longer. GPS navigation has become the tool of choice.
So what is the point of these examples?
Sometimes we may be focusing too closely on a single element or just a handful of elements to take in the big picture. In fact this seems to be a common mistake. Some CIOs and their teams get bogged down in processes such as policies or compliance, whilst others focus heavily on technology and then wonder why their information security fails to be adequate. They are consumed by the identical looking hedges or the coast lines rather than looking at the bigger picture. To be blunt, sometimes you can be so close to an idea or project that you really cannot see the bigger picture.
When faced with this situation there are a few ways to overcome it. The first thing you should do is try to take a step back. Sometimes this is all that is required. Don’t focus on just this idea, but see where it is in the context of complete information security coverage. Does your information security encompass protection, detection and response? Does it include the right mix of people, processes and technology? Does it have all of the necessary administrative, technical and physical controls in place?
Sometimes it makes sense to look for outside help and engage someone who has an art for seeing the big picture. Perhaps hiring a helicopter crew and having two way radios to help guide you through the maze. Now why did I not think of that when I was a kid? …Or borrowing Google’s satellite images to see an entire continent or the entire globe rather than just a view of the sandy beaches …Or seeking guidance from a security service provider when you are focused on the firewall when the issue at hand is users not following policies. A security service provider may be able to help uncover the bigger picture for you.
Some areas a good security service provider will be able to help you include:
When looking at your organisation’s information security strategy, take a good look to see whether the CIO and his or her team are bogged down in the finer details of the problem or whether they really do see the bigger picture.
Why nation-state attacks are everyone’s problem
Hear from Invictus Games Sydney 2019 CEO, Patrick Kidd OBE and Head of Technology, @James-d-smith -share their insights on how they partnered with Unisys to protect critical data over an open, public WiFi solution.
With so much change all the time, how can executives best prepare their businesses to meet the security challenges of the coming years? CSO Australia, in conjunction with Mimecast, explored this question in an interactive Webinar that looks at how the threat landscape has evolved – and what we can expect in 2019 and beyond.
An interview with CSO's David Braue and Ian Yip, Chief Technology Officer, McAffee.
According to new research conducted by the Ponemon Institute, Australia and New Zealand have the highest levels of data breaches out of the nine countries investigated. This was linked to heavy investment in security detection and an under-investment in security and vulnerability response capabilities