When you watched the Super Bowl, did it cross your mind how similar a championship game can be to your information security posture?  Maybe not, but if you think about it now, you’ll see the similarities too.

Like in a football game, your security always has more passing zones to cover than it has defenders.  You are always in react mode, while the offense is always in attack mode.  The only way you’re going to win the security championship game is if your defense is prepared to react to anything the offense throws their way.

When we apply this to an information risk management perspective, it implies at least two things you need to do and have: a holistic approach to your security and an impenetrable security defense (or at least one with as few holes as possible).

A holistic approach to security
The best defense is a great offense; the same goes for your security posture. With a holistic approach in place, an organization has a 360-degree security posture and a stronger CIO. Why? Because not only does a holistic approach have all the physical and compliance security requirements in place, but it has also closed the communication gap between security professionals and upper management. With fluid communication, the right reaction will be enacted by all players on the field (not just the IT department, not just employees, not just the C-suite, but everyone). The offense may always have a list of tricks up their sleeve, but thanks to effective communication there is little room for penetration because everyone is on the same game plan.

An impenetrable security defense
A good offense can win the game, but a good defense can win the championship. Defenders must respond to what the offense presents to them at all times, much like your security must respond to intruders. Security assessments backed by a comprehensive strategy are what will help you not only win the game but also win the championship, by reducing your compliance costs, eliminating gaps in your defense and mitigating risks associated with people, process and technology.

This means you want to ensure you:

  • Perform internal and external vulnerability testing

  • Perform internal and external penetration testing

  • Have your physical security system in place

  • Have a solid policies and procedures plan catered to your organization’s specific needs and situation

  • Test web application security frequently

  • Add security event monitoring for intelligence gathering

With a holistic security approach and an impenetrable security defense, you will improve your security posture year after year, and provide your clients and business partners the assurance needed to keep growing your business and win your Super Bowl game.

Do you have all the fundamental game plan components to win the security championship?