You may have tried to complete one of those larger than life mazes in which the walls of the maze were lined with hedges. There was no way over the hedge, under the hedge or through it so you had to follow the course of the maze using trial and error to forge a path through. Everywhere you looked all you could see were identical looking hedges and as such your view of the maze was limited. Now what would have been useful is someone with a view of the entire maze such as an aerial view or a map to help guide you through.
Now let’s go back in time a few hundred years and consider the explorers of the 16th through to the 19th centuries. Their quest was to map out the details and in doing so gain a bigger picture of sections of the world. There were many places yet to be discovered. Cartographers would be required to map coast lines, terrains and other important landmarks.
Now let’s come back to the present and think about today’s view of the world. It is much more complete thanks to satellite imagery. In fact, if you are lost you do not resort to hand drawn maps or even pick up your atlas, or street directory any longer. GPS navigation has become the tool of choice.
So what is the point of these examples?
Sometimes we may be focusing too closely on a single element or just a handful of elements to take in the big picture. In fact this seems to be a common mistake. Some CIOs and their teams get bogged down in processes such as policies or compliance, whilst others focus heavily on technology and then wonder why their information security fails to be adequate. They are consumed by the identical looking hedges or the coast lines rather than looking at the bigger picture. To be blunt, sometimes you can be so close to an idea or project that you really cannot see the bigger picture.
When faced with this situation there are a few ways to overcome it. The first thing you should do is try to take a step back. Sometimes this is all that is required. Don’t focus on just this idea, but see where it is in the context of complete information security coverage. Does your information security encompass protection, detection and response? Does it include the right mix of people, processes and technology? Does it have all of the necessary administrative, technical and physical controls in place?
Sometimes it makes sense to look for outside help and engage someone who has an art for seeing the big picture. Perhaps hiring a helicopter crew and having two way radios to help guide you through the maze. Now why did I not think of that when I was a kid? …Or borrowing Google’s satellite images to see an entire continent or the entire globe rather than just a view of the sandy beaches …Or seeking guidance from a security service provider when you are focused on the firewall when the issue at hand is users not following policies. A security service provider may be able to help uncover the bigger picture for you.
Some areas a good security service provider will be able to help you include:
When looking at your organisation’s information security strategy, take a good look to see whether the CIO and his or her team are bogged down in the finer details of the problem or whether they really do see the bigger picture.
Increasing mandates around the security of personal data have made encryption for every business. Australian businesses are leading the world in the use of encryption to protect backups, payment-related data, and laptops – and yet they still have a long way to go before encryption is both ubiquitous and manageable.
If your last access-control update was even a few years ago, you’re probably more exposed to fraud and exploitation than you’d like to be.
It’s not hard to understand why bot management is critical to maintaining business availability and customer satisfaction – but do you know how to properly deal with bots?
Increasing use of encryption has created new challenges for enterprise security managers. Ever more-sophisticated encryption such as Perfect Forward Secrecy (PFS) protects data and may even boost your Google ranking – but it also provides a haven for malicious code that may use encryption to bypass enterprise security controls.
Why nation-state attacks are everyone’s problem