Page 27 - GS220401

CoverStory




security best practices, Tola Dalton, director of software development at eBay, encouraged FIDO members to celebrate incremental successes.

"There is a tendency to fixate on the end state of being truly passwordless where the user always authenticates via biometric and [other FIDO methods]," Dalton said. "One of the realizations we've had is there are really significant gains to be made along the way before we get to that end state."

Security posture

An organization's security posture is measured by its ability to predict, prevent and respond to ever-changing cyber threats and, as security professionals constantly remind us, these abilities require human and machine intelligence in equal measure.

Pankit Desai, co-founder and CEO at Sequretek, proposed organizations can improve their security posture by combining predictive analytics with human expertise. "Instead of solving problems as they arise by building products that address known threats, organizations could combine machine and human intelligence to proactively assess the security landscape," he said.

Brent Johnson, chief information security officer at Bluefin, advised IT teams to identify the greatest risks to their businesses and build security budgets around mitigating and protecting against them. "My advice would be to follow tried and true methods to achieving security goals," he said. "Follow and stay up to date on NIST guidelines and security standards within a specific industry. Monitor security bulletins such as US-CERT."

Johnson noted that security has multiple technology layers, which he described as "physical security, application security, the software development lifecycle, logical security and access control/least privilege, system build configurations, patching processes, vulnerability management, and monitoring controls." He added, however, that security's purpose is unwavering and absolute. "While the technologies to achieve security continue to evolve, from my perspective within InfoSec, the basic principles remain unchanged: to ensure the confidentiality, integrity and availability of data."

Dale S. Laszig, senior staff writer at The Green Sheet and managing director at DSL Direct LLC, is a payments industry journalist and content strategist. Connect via email dale@dsldirectllc.com, LinkedIn www.linkedin.com/in/dalelaszig/ and Twitter @DSLdirect.