Normally in security circles, the word 'exploitation' has the distinctly negative and foreboding connotation of some evil miscreant wantonly attacking and taking advantage of us ... but we'll be using the word in a much more positive sense in the IoT and BYOD security awareness materials for January.
The topic presents a golden opportunity to point out that information security mitigates the substantial information risks associated with IoT and BYOD, risks that would otherwise reduce, negate or even reverse the business advantages.
It's not entirely plain sailing, though, since the risks are context-dependent. Someone needs to identify and evaluate the risks and the corresponding security controls, in order to determine firstly whether the risks are truly of concern to the organization (they can't be avoided or accepted), and secondly whether the security controls are necessary and justified since there are costs as well as benefits.
We've pump-primed the process by doing the risk and security analysis in a generic way - a starting point for subscribers to consider and take forward. We don't pretend to know all about all the information risks each customer faces, nor the information security control options open to them. We're definitely not attempting to do the analysis for them, rather to inspire them to do it themselves. The awareness materials are the prompt to set them thinking and the motivation to get them going.
The topic presents a golden opportunity to point out that information security mitigates the substantial information risks associated with IoT and BYOD, risks that would otherwise reduce, negate or even reverse the business advantages.
It's not entirely plain sailing, though, since the risks are context-dependent. Someone needs to identify and evaluate the risks and the corresponding security controls, in order to determine firstly whether the risks are truly of concern to the organization (they can't be avoided or accepted), and secondly whether the security controls are necessary and justified since there are costs as well as benefits.
We've pump-primed the process by doing the risk and security analysis in a generic way - a starting point for subscribers to consider and take forward. We don't pretend to know all about all the information risks each customer faces, nor the information security control options open to them. We're definitely not attempting to do the analysis for them, rather to inspire them to do it themselves. The awareness materials are the prompt to set them thinking and the motivation to get them going.
No comments:
Post a Comment
The floor is yours ...