Security isn't just a tech issue. If you go into thinking your gear is your security program, you're leaving yourself open to hurt. Tech toys can't solve all security problems.
Many obvious problems can be mitigated with simple configurations and preventative controls.
You need to consider the following:
- Communication across all employees
- Risk analysis beyond the management of traditional insurance or even project management
- There's also a level of risk acceptance, including straight-up ignoring it
- Frameworks (like NIST CSF or Microsoft Operation Framework), data regulation, or compliance issues
Think beyond the hacking and administering part of information security. You can have strategic plans with
- Information security management
- Information security consulting
- Information security analytics
- Disaster planning and recovery
Don't look for a one-size-fits-all solution to solve all security problems. You can, however, go a long way in involving your people.
