Shifting the Paradigm
There are many dangerous precedents in Information Security that need to be changed in order for organizations to be more successful in securing their most Critical Information Assets. There is danger in continuing to do things a certain way simply because that is the way it has always been done. Often, these precedents are reinforced despite the fact that an examination of their efficacy would suggest a change is necessary. There are also entrenched interests representing these antiquated approaches that will vehemently oppose any changes to the old guard. The simple truth is that the threat landscape is changing, and Information Security programs must also change to meet these emerging and evolving threats.
Sometimes when I speak to audiences, people tell me the ideas I am presenting are common sense solutions. I take that as a compliment. Good solutions should make sense when you hear them. Great ideas should make you wonder why everyone isn't doing what is being suggested. The problem is not that no one knows what to do; it is that people are still not doing the things that need to be done in order to secure programs properly. These ideas may seem simple at their highest level, but implementing them properly and protecting Critical Information Assets comprehensively is still a challenge, and a challenge that is highlighted every time you read yet another story of organizations failing to protect their assets.