Information Security Resolutions for 2011

Thursday, January 13, 2011

Robb Reck


Think it's too late for a New Year's post? You must not have heard that January 12th is the new January 1st.

I've never been one for making New Year's resolutions. However, a quick search of the web finds that a lot of folks are. An awful lot of people are looking to lose weight, quit smoking, or get a new job this year. This got me thinking: what are my InfoSec resolutions for 2011? It sounds like the perfect topic for a Five Things article.

  • Don't be satisfied with doing things "the way we've always done them." This is a problem not just for security folks, but in all areas of business. Change is how great things happen. As we continually seek to do more with fewer resources, finding inefficiencies in our processes and systems will become more important. In 2011, I don't ever want to shoot down an idea simply because it's not the way we've done things before.
  • Strive for security rather than settling for checking boxes. I've written about this many times in the past, but the tension between security and compliance is as real as ever. Compliance is required, of course, but it's not enough. I will continue to strive to use my compliance initiatives to drive real change, and real security, rather than settling for meeting my regulatory or audit requirements.
  • Expand my knowledge into new technologies. The information security field is blessed with a great group of vendors and developers who continue to create better tools and systems. These companies continually push security technology forward, giving us new tools for protecting and detecting in our environments. In 2011 I will continue to learn more about these technologies and how I can better take advantage of them in my organization.
  • Better align the security initiatives I work on with the business objectives of the company. Security does not exist in a vacuum. We are employed for the express purpose of helping our organization meet its objectives. If we accept that as true, shouldn't we also accept that in order to do our jobs properly we need to understand the company's objective? In 2011 I want to work harder to figure out where the business is going, and how I help it get there.
  • Learn from (and network with) the InfoSec practitioners around me, both in person at ISSA and ISACA meetings and security conferences, and online through Twitter, LinkedIn, the blogosphere and Infosec Island. There are so many brilliant people out there doing original thinking or perfecting the practice of information security. In 2011 I'm going to work hard to learn from these people.

Happy New Year!

Cross-posted from Enterprise InfoSec Blog from Robb Reck.

Terry Perkins: Great article. The spirit of these initiatives is right on target.
Robb Reck: Thanks Terry!