Technology and malware exploits change so quickly that network administrators and government leaders may have a tough time keeping up. The only constant about the digital landscape is that it doesn’t stay the same for long.

We asked some experts at this year’s 2014 RSA Conference what advice they’d give to people writing or updating their cybersecurity policy.

1.    Be flexible

“I think there needs to be the recognition that, when you’re implementing a cyber program, you’re dealing with a number of different sectors, you’re dealing with different sized organizations across a whole range of issues, so flexibility is very important, because one size really can’t fit all. “

Jamie Brown, Director of Global Government Relations for CA Technologies

2.    Be specific when needed

“Cybersecurity policy in many cases, it’s very high level. It doesn’t get into helping people understand what their role is. How does this impact the end user, how does it impact your average state employee, your average city worker, [and] how do different situations get addressed?”

Dan Lohrmann, CSO of Michigan

3.    Create a collaborative, security-focused culture

“When you have a stakeholder-driven process, what you get is a real back-and-forth, iterative process where people are bouncing ideas off each other and ultimately, what comes out of that tends to be much more effective.”

Jamie Brown, Director of Global Government Relations for CA Technologies

4.    Mobility and social

“Mobility is a really big topic right now. It’s the extensibility of the enterprise out to individual devices and environments. And then social media, how is that handled in the enterprise, but also individualistically?”

Jack LeGrand, Security Specialist for Dell

5.    Prepare for breaches

“It’s sad that I have to use the phrase ‘When things go wrong’ as opposed to ‘If things go wrong,’ but the reality is that, the breaches that we read about in the newspaper everyday are still not all the problems out there. A lot don’t get reported, so you have to plan for this and take a risk management approach.”

Paul Kocher, President and Chief Scientist for Cryptography Research, a Division of Rambus

This is the second video in a series of five. Visit Govtech.com tomorrow for more highlights from RSA 2014.

Hilton Collins, Staff Writer
Hilton Collins  |  GT Staff Writer

By day, Hilton Collins is a staff writer for Government Technology and Emergency Management magazines who covers sustainability, cybersecurity and disaster management issues. By night, he’s a sci-fi/fantasy fanatic, and if he had to choose between comic books, movies, TV shows and novels, he’d have a brain aneurysm. He can be reached at hcollins@govtech.com and on @hiltoncollins on Twitter.