100% of the results of a security assessment are ignored when it is never performed!
Are you unsure of where to start…
It is easy to be overwhelmed by all the information about security. It is constantly in the news. Everyone is worried they might be next. You might already be late. You know you should be doing something; however, you are not sure “Where to start?” with security. You have read books and blog posts, and you might even have attended some training and earned a certification. However, knowledge is just half of the equation; the other half is action.
Knowledge + Action = Security
But how can you take action without knowing where to start?
Understanding the right question to ask will help focus your efforts and get you started without having to worry about making the wrong decision. It will also help you find the right balance between knowledge and action.
Ask this question instead...
The question you should be asking is: “When to start?”
And we all know the answer: “Now!”
Security is a series of steps that you need to continuously perform from now until the end of the internet. Think of a circle instead of a line. By consistently performing these steps and improving with each iteration, you will not only get started but also see a rapid improvement in security in a short amount of time.
Here is a brief outline of the important steps used by others in the industry:
1. Asset Identification
2. Security Assessment
3. Policies and Procedures
4. Training
5. Risk Mitigation
6. Incident Response
Now, for each step, pick something to do (that is within budget) and do it.
Ask the right question and get started now. The clock is ticking!