Tip 4: Building a C+ Security Effort – 5 Tips to Achieve it

Building a C+ Security Effort – 5 Tips to Achieve What Your Execs Want & Your Business Needs: Being Repeatable & Consistent is the Life Blood of the C+ Student

 

This series will explore 5 tips to build a sustainable, repeatable & effective C+ security effort: one that can pass security audits and comply with regulations while still maintaining a strong dose of practicality. Time to go from F to C+, baby!

Tip #4: Being Repeatable and Consistent is the Life Blood of the C+ Student

 

The good thing about being a C+ student in security is that you will probably be much more effective at getting stuff done, and more cost-effective at doing it, both in implementation cost and in impact on the business. The problem with this approach, though, is that you do not have much room for failure when you make mistakes. With an A+ approach, a couple of mistakes will still leave you with a B. With a C+ approach, a couple of mistakes put you in the land of D, or "not compliant" in regulation speak. Obviously, this is going to lead to problems.

So the key when taking a more average approach is to make sure that you implement systems that, though average in implementation, are an A+ in terms of quality and repeatability. For example, you may be building an economy car instead of a luxury one, but make sure it is a Toyota instead of a Yugo in terms of quality.

As always, please provide your feedback to Mike.Gentile@cisoshare.com or @MikeGentile03 on Twitter; I always read them.

Read Part 1: Making the Security Grade
Read Part 2: You Only Need an A+ Security Posture if a Life is at Stake
Read Part 3: Do Not Only Consider Security Risk in Your Security Effort
Read Part 4: Don’t Ask, Just Know

Reprinted from SecureWorld Expo

© 2020 CISOHandbook.com