Cybersecurity Czar

Filed Under: SophosLabs

This morning President Obama announced that he would be appointing a Cybersecurity Coordinator. The appointment is one of the many recommendations of the 60 day cyberspace policy review (PDF) commissioned in February. Along with publication of the review itself comes a list of the papers that in part informed the reviewers.

The review itself outlines 10 near term goals for the US Government and while many are concerned with governmental or international policy there are two that are just as applicable to the safe and secure operation of an enterprise network.

Initiate a national public awareness and education campaign to promote cybersecurity

Education should be a key part of any security strategy. One of the largest security risks in any organization is the connection between the keyboard and the chair. It is undoubtedly true that there are many users who will not understand or care about network security. However, changing the behavior of those who do understand will reduce your risk, which is the purpose of security measures. No single policy, education program or technology solution will provide complete security, each must be used together as part of a coherent strategy to secure your network.

Prepare a cybersecurity incident response plan

To quote President Obama: "ad-hoc response will not do". Despite your efforts to minimize risk there will almost inevitably be security incidents on your network that require a response. Planning that response in advance will lead to a more calm and controlled incident. Last year SANS Internet Storm Center published a series of articles about preparing for and responding to security incidents during their Cyber Security Awareness Month. In fact some data protection laws, such as the one in Massachusetts, require a "comprehensive, written information security program".

It is refreshingly honest for the US Government to admit that "We are late in addressing this critical national need and our response must be focused, aggressive, and well-resourced." Unfortunately many other organizations are also well behind when it comes to implementing good security practices. If yours is one of them perhaps this is a good time to rethink your security strategy.

Image source : Randy Son Of Robert's Flickr photostream (Creative Commons 2.0)

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Richard manages SophosLabs' operations in the United States. His principal security interests are endpoint security and user education. When he's not worrying about digital perils he enjoys singing, much to the distress of his cat, whose name does not feature in any of his passwords.