Five Tips to Improve your Security Posture

Posted by in SC in the news on Jul 22, 2010

From IT Computer World Canada

Tip No. 3. Password hygiene

“One of the big problems with organizations is that it is hard for them to understand what the real risk is related with making a particular choice, so then we get overly concerned about something because it appears scarier,” said Diana Kelley, partner at IT security consultancy SecurityCurve. “Be realistic about risk,” she said. Kelley suggests “sitting down and taking the emotions out of it and looking at it from a quantified, reasonable perspective” to determine what the real risk is to the organization. For example, an externally facing Web site may “appear scarier” than an internal threat, which might actually be the bigger problem, she said.

Tip No. 4. Talk in a language the business understands

It’s one thing for techies to warn each other about buffers or an SQL injection vulnerability, but most of the time, this doesn’t make sense to a business unit owner or an executive, said Kelley. Kelley recommends that IT adjust its language when speaking about security to non-IT units and take the conversation “outside of the techie realm” to focus on what the risk means for the business. “There’s an underlying technical reason, but as the business itself, what does that mean,” she said. “What they need to hear is, ‘Our customer data is at risk, we have a high likelihood of it being exposed because the problem is easy to exploit, it’s available from outside the company … in order to fix it, it will cost us this much time and this much in terms of resources,’” said Kelley.

To see all 5 tips, check out the full article here.
