We asked some experts at the 2014 RSA Conference what advice they’d give to people writing or updating their cybersecurity policy.
1. Be flexible
Jamie Brown, Director of Global Government Relations for CA Technologies
2. Be specific when needed
“Cybersecurity policy in many cases, it’s very high level. It doesn’t get into helping people understand what their role is. How does this impact the end user, how does it impact your average state employee, your average city worker, [and] how do different situations get addressed?”
Dan Lohrmann, CSO of Michigan
3. Create a collaborative, security-focused culture
“When you have a stakeholder-driven process, what you get is a real back-and-forth, iterative process where people are bouncing ideas off each other and ultimately, what comes out of that tends to be much more effective.”
Jamie Brown, Director of Global Government Relations for CA Technologies
4. Mobility and social
“Mobility is a really big topic right now. It’s the extensibility of the enterprise out to individual devices and environments. And then social media, how is that handled in the enterprise, but also individualistically?”
Jack LeGrand, Security Specialist for Dell
5. Prepare for breaches
“It’s sad that I have to use the phrase ‘When things go wrong’ as opposed to ‘If things go wrong,’ but the reality is that the breaches that we read about in the newspaper every day are still not all the problems out there. A lot don’t get reported, so you have to plan for this and take a risk management approach.”
Paul Kocher, President and Chief Scientist for Cryptography Research, a Division of Rambus
This is the second video in a series of five. Visit Govtech.com tomorrow for more highlights from RSA 2014.