InfoSec: Cybersecurity expert says preparation key to business survival

Share this article:
Howard Schmidt, (ISC)2 security strategist; former cybersecurity adviser to the White House
Howard Schmidt, (ISC)2 security strategist; former cybersecurity adviser to the White House
The world is more interconnected than ever before, with an estimated one billion devices connected to the internet, and in the next three to five years, that figure will double.

Not only does this present challenges to those security professionals charged with guarding corporate networks against attacks, but it presents opportunities as well to make a difference in their enterprises.

This was the groundwork laid out by noted security expert Howard Schmidt in his keynote address to start off the CISO Executive Summit last week in Orlando, Fla., a daylong series of presentations and panels preceding InfoSec World.

“Technology has been great for us,” the (ISC)2 security strategist and former White House cybersecurity adviser told the approximately 50 IT executives at the meeting. “But what could someone do against it? What's coming next? We don't know. If we knew we could do a better job preparing."

One priority he pointed out was to stop bugs in software and firmware: “We've got the tools now to find vulnerabilities,” he said.

In advising the audience on how best to make a difference in today's environment, he said that data is gold today.

“Pull people around the table who own the data,” he said. The message that must be conveyed: “This is not the time to cut back on security.”

To achieve this, the key challenge for IT security staff is to get their colleagues to understand the risk environment.

“You have to understand the business to understand the risk," he said. "There needs to be full alignment between business needs when doing risk assessment."

Bring plans up to date and focus on a long-term strategy, he added.

“Guide the discussion about solving technology and long-term expectations.”

And by all means, become familiar with all the latest gizmos and technology offerings being used in the corporation. To illustrate his point, Schmidt explained that when security colleagues expressed incredulity at his creating a Facebook page, concerned about the privacy implications, Schmidt answered, “If we're not using it, how are we going to understand it?”
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.