What’s preventing organizations from making pragmatic security decisions?
2020-03-24 06:30

"It is hard or impossible to predict just how many times of skipping a good brushing it takes to get you in trouble with tooth pain, so we tend to take on more risk until we end up getting toothache and regret not investing enough on proactive maintenance," Ehsan Foroughi, Vice President of Products at Security Compass, told Help Net Security.

"Proper security hygiene, when done in the traditional way, gets in the way of agility and creates the dilemma: should we take on risk to move fast in the business, or should we slow down and do the right thing? Unfortunately, human nature pushes many to choose the fast and risky approach which leaves them with a ticking time-bomb of a security incident waiting to happen."

Security teams being perceived as the only owner of the organization's security.

"When it comes to education, many think of hard skills such as security testing and coding skills. However, educating staff on how security affects the bigger business, how it can reduce revenue if not done right, and how it can affect them directly, is critical," Foroughi noted.

In general, CISOs have to educate executives on how security and risk management affect business goals and on the importance of finding the balance.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/YuUjkQtFtMw/