There are five things all companies should ensure they are doing in terms of cyber security
All organisations should do everything possible to control what they can in order to improve their resilience to cyber attack, according to Scott Carlson, technical fellow and executive security advisor at BeyondTrust.
“There are five things that I think are non-optional when it comes to cyber security and controlling identity and privilege,” he told the European Identity & Cloud Conference 2017 in Munich.
First, Carlson said those responsible for information security must ensure that they communicate in the right language.
“Use the language of the person or group you are talking to. We all know that systems architects speak a different language to company executives, and that acquired companies speak different languages to the new owners.
“And whatever style you choose to communicate, it is really important to tell the truth. It is our job to give people the information they can use to help us solve the problem. We need to tell the truth and we have to speak in business language, not in technology. Speak in terms of controls and use cases,” he said.
It is then up to the information security professional to map company use cases to controls and then buy or build a tool to enforce those controls.
“Very few companies have to build a tool nowadays, because there are a lot of enterprise-class [security] suppliers whose product is fit to use in most corporations. You don’t need to figure out how to put something together. You need to implement something in the way that works for you.”