Pratum Blog

“Time is of the essence.” “Time is money.” Yadda, yadda, yadda.  You’ve heard it all before. Every business leader is pressed for time in one way or another. That’s why today’s post is quick and simple. Here are three questions every CIO should be asking their CISO, VP, Director or “Whatever” of Technology:

  1. Can you prove to me that we’ve not had a system breach in the past “x” months and will your evidence stand up to an independent 3rd party review? 
    The idea here is to make people uncomfortable.  You don’t want to be placated.  You don’t want to hear someone touting their belief in the team.  You want concrete evidence.  Make them show you months of event logs that have been reviewed for anomalies or malicious activity.  Ask for something, anything.  Just don’t settle for “We believe our systems are safe”.   Even if you have no plans to get an independent review, ask them to be able to support their conclusions.  As Ronald Reagan said, “Trust, but verify”.

  2. How are we coming on addressing the top risks identified in our latest IT risk assessment? 
    This assumes you have performed a high-level risk assessment with your CIO, CFO, Legal, HR and Insurance teams within the past year. Technology is changing daily. The way we use technology is changing just as fast. Are you up to speed on the risks that your organization is facing from the use of technology in your business operations? You know risk exists. Are you addressing the biggest risks first? Are your investments to lower risk working? Are there new laws that could change your risk? Can new insurance products transfer some of the risk? Ask questions of your leaders. Make sure sufficient progress is being made to reduce risk where necessary.

  3. Do we have expertise on staff to deal with the changing threat and regulatory landscape?
    This is the toughest question. Everyone hopes to have the best and brightest on their teams. The reality is we always have gaps. Make sure your leaders know gaps are OK. They do, however, need to be identified and dealt with. Perhaps you have a security team already. Great, but do they have all the skill sets that are needed to fully protect the organization? If not, can they get them? Should they? Are contracts or retainers with experts a better solution? Either way, it’s best to be prepared. You can’t afford to be caught flat-footed in this rapidly changing security environment.

CIOs that get answers to these three questions will be far ahead of their peers and competition.  While there is a “right” answer to every one of these questions, the “right” answer will be different for everyone.  The important thing is to ask the questions and then ensure the “right” answers are supplied.

In case you’ve been asleep at the wheel, everybody thinks they need drones these days: Amazon, your local police department, the pizza delivery guy, the neighbor kid, his dad, everybody. All of these drones will be equipped with surveillance technology such as cameras, microphones, GPS and RFID.

If you think red light and speed cameras are bad, you’re in for a treat. At least with the speed cameras, you can avoid that section of town if you really want to. Once these drones are in the air, privacy as we know it will die. The FAA needs to step up and address this quickly, which unfortunately is not likely to happen. In the meantime, local jurisdictions will attempt to implement their own enforcement rules. That might even be worse than the feds.

I feel sorry for the new generation of Americans who will never know the feeling of not being watched and recorded wherever they go. It was rather freeing. Maybe that’s why I love sitting on my back deck with nothing but timber behind me. Short of spotting a drone, I’m pretty sure that I’ve got a little privacy in my personal oasis.  So…keep your drones out of my airspace and we’ll be just fine.

Brian Krebs reported earlier this week about a suspected breach of credit and debit cards at Goodwill Industries stores in at least 21 states. So when the 2013 Verizon DBIR reported a steep decline in breaches in the retail sector, I guess that was an incentive for the hackers. Goodwill is just the latest major retail chain to be hacked.

If you’re about to graduate high school or are early in your college years and looking for a career field with long-term growth and job security, maybe you should consider any one of the fields within information security. I think there are a lot of companies that will be looking for help in the near future.
