Just this week, I was talking to one of my editorial advisory board members, who said that lately he found himself boarding airplanes more than working in the home office. Apparently, seemingly endless trips to his company's various locations in the Asia-Pacific region are major priorities for him and his team to ensure that IT security operations are buttoned up across all their offices.To be more specific, because the global threat landscape is changing at a clip many of us in this industry have never witnessed before, his international firm is finetuning their security and risk management plans and controls. Beyond just enlisting tried-and-true risk management best practices, he and his bosses want to see the organization continue to rely on people, processes and technologies to establish more adaptive controls and systems to strengthen overall network resiliency.
This means that relying wholeheartedly on purchased tools isn't going to cut it given that many of today's technologies focus on mitigating risk and often react to new threats. The way he sees it, IT security plans and associated policies, processes, technological deployments and user training now simply have to stand up to any number of attack scenarios.Hearing his thoughts, I realized they were the same voiced by quite a few information security leaders with whom I've spoken over the last month or two. Being prepared, yet nimble, is key to a well-designed undertaking. The idea of understanding the context of what's happening to the business now, why and how it's happening and, then, divining what could happen in the future is not a new philosophy with which to underpin one's IT security blueprint.
Being adaptive to and aware of particular situations is an age-old concept that even Sun Tzu hit upon in his The Art of War. It's a philosophy that is intertwined throughout this still well-referenced tome, but there are specific quotes that more clearly showcase the idea: “By altering his arrangement and changing his plans, the skillful general keeps the enemy without definite knowledge,” or “Success in warfare is gained by carefully accommodating ourselves to the enemy's purpose.”Armed with these points of view, we at SC Magazine are looking forward to our SC Congress New York conference and expo on Nov.16 at the Metropolitan Pavilion in downtown Manhattan. During the event, industry leaders will share their expertise on how to deal with today's fast-evolving threats and what sorts of adaptations can be made to security plans to ensure preparedness for sophisticated attacks against your infrastructures.