Fortune Cookie Security Advice – August 2008

Everyone wants information security to be easy. Wouldn’t it be nice if it were simple enough to fit snugly inside a fortune cookie? Well, although I don’t try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to reinforce security principles and get people thinking about how security applies to their environment.

Common Sense

I think the key to fortune cookie advice is ‘common sense’ in the context of security. It must be simple, succinct, and make sense to everyone, while conveying important security aspects.

Here is my Fortune Cookie advice for August:

Security policy is like a seatbelt. It will not protect you every time, but it is guaranteed to fail if you choose not to use it.

No security policy is perfect. In fact, it should be a continuously evolving body of work which is improved as the industry changes and learns. The biggest challenge is not the exactness of the policies; rather, it is awareness and consistent adoption by the employees. An appropriate level of effort must be directed at successfully marketing the policy to the target audience and earning that audience’s support.

It may not be sexy, but policy can empower the Management support and maintenance of policy are key factors in leveraging this tool. Clear and straightforward verbiage coupled with sufficient marketing saturation can deliver necessary awareness to affect behaviors. With employee support of security principles, an organization takes a great step forward in achieving an optimal security posture.

So am I contributing to the problem of oversimplifying security? Or am I reaching out to those who might not take the inordinate amount of time necessary to understand the complexities and nuances of our industry? You decide, and feel free to share your knowledge-nuggets.

Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.