Investing in Cybersecurity is Good Business, but Don't Forget People
The ARC/SANS Institute/ISSSource monthly podcast continues with our December installment. With the ARC Forum (Feb 12-15) and SANS ICS Summit (March 19-20) both coming up fast, Greg Hale of ISSSource interviews ARC's Eric Cosman and SANS Institute's Doug Wylie about the real value proposition of a good cybersecurity strategy and how to take some crucial first steps to a better cybersecurity culture. Here’s a link to the article in ISSSource.
According to ARC’s Eric Cosman, end users must consider the people side of the equation and not just technology. “The first thing they have to do is understand what it is they are trying to secure,” Cosman said. “It is very common to see they don’t have an active description of what they have in their facilities. There is a tendency sometimes for people to look for the silver bullet, ‘tell me what tool I have to implement to keep my facility secure.’ Unfortunately, it is not that simple. If you go to technology first, you are probably going to spend money you don’t need to spend and you will get less than a desirable result. So, you have to focus on the assets and the processes you use and the people. Once you have that foundation in place then you can start to look at specific tools and technologies to make your situation better.”