The MBA Guide to IT

Episode 50 – What is a Cybersecurity plan?

I totally understand why we need Security Awareness Training.  Use better passwords, be careful surfing, etc.  But how do you implement cybersecurity, really?

User training is fine, but it leaves me wondering if maybe we built systems that aren’t safe enough.  Instead of warning people not to cut their hands on the meat slicer, maybe we should redesign things to keep the blade out of the way.

Cybersecurity comes down to three important areas:

  • Confidentiality – Can we prevent the wrong people from seeing the data?
  • Integrity – Can we ensure the data came from the right people and remains unchanged?
  • Availability – Can the right people get to the data when they need it?
These three items, sometimes called the CIA Triad (no, not that CIA), can be in conflict.  It’s possible to lock things down so hard that people face delays getting the data.  It’s possible to prevent edits by the very people who need to modify it.

The approach to these three things is changing.  We used to worry about putting data in a safe place and then controlling who can read and modify it.  Today, we need to worry about what happens to data as it moves out of that safe place into the hands of people who will work with it.

There are some good technologies out there to manage rights as data moves inside and outside your company.  Too often, these technologies aren’t included in our tools or integrated into our workflow.

Tomorrow, we talk about the risk tolerance of the firm and how it affects cybersecurity.

I’m Carter Edmonds with 20CREEK.  We help you build IT you’ll brag about.

Episode #50 – 2/18/2019
