RSA 2014: 5 Things to Put in Your Cybersecurity Policy

The ever-changing digital landscape requires IT professionals to be vigilant about keeping their cybersecurity programs up-to-date.

by / March 11, 2014 0

Technology and malware exploits change so quickly that network administrators and government leaders may have a tough time keeping up. The only constant about the digital landscape is that it doesn’t stay the same for long.

We asked some experts at this year’s 2014 RSA Conference what advice they’d give to people writing or updating their cybersecurity policy.

1.    Be flexible
“I think there needs to be the recognition that, when you’re implementing a cyber program, you’re dealing with a number of different sectors, you’re dealing with different sized organizations across a whole range of issues, so flexibility is very important, because one size really can’t fit all. “
Jamie Brown, Director of Global Government Relations for CA Technologies

2.    Be specific when needed
“Cybersecurity policy in many cases, it’s very high level. It doesn’t get into helping people understand what their role is. How does this impact the end user, how does it impact your average state employee, your average city worker, [and] how do different situations get addressed?”
Dan Lohrmann, CSO of Michigan

3.    Create a collaborative, security-focused culture
“When you have a stakeholder-driven process, what you get is a real back-and-forth, iterative process where people are bouncing ideas off each other and ultimately, what comes out of that tends to be much more effective.”
Jamie Brown, Director of Global Government Relations for CA Technologies

4.    Mobility and social
“Mobility is a really big topic right now. It’s the extensibility of the enterprise out to individual devices and environments. And then social media, how is that handled in the enterprise, but also individualistically?”
Jack LeGrand, Security Specialist for Dell

5.    Prepare for breaches
“It’s sad that I have to use the phrase ‘When things go wrong’ as opposed to ‘If things go wrong,’ but the reality is that, the breaches that we read about in the newspaper everyday are still not all the problems out there. A lot don’t get reported, so you have to plan for this and take a risk management approach.”
Paul Kocher, President and Chief Scientist for Cryptography Research, a Division of Rambus

This is the second video in a series of five. Visit tomorrow for more highlights from RSA 2014. 

Hilton Collins

Hilton Collins is a former staff writer for Government Technology and Emergency Management magazines.