CESG is challenging the information security community by asking them to deliver security controls that will effectively help business users achieve their goals securely.
CESG, the information security branch of the UK intelligence agency GCHQ, is simply asking the security community to bring to market security solutions that actually make sense. Technical Director at CESG, Jonathan Lawrence, explains, “The aim of security professionals has to be understanding what people in the business are trying to achieve and helping them to achieve those goals securely.”
All too often, employees cut corners to get their jobs done because organizations are too concerned with how their security posture looks on paper, when the reality is anything but secure. The result is employees using personal online accounts and their own devices just to complete a day’s work.
Lawrence believes organizations should shift to a risk-based approach to security, in which they identify the real risks and put in the minimum security controls to mitigate those risks.
In addition, organizations need to quit blaming employees for unforeseen security incidents and instead implement security safeguards, so that if or when an employee clicks on a malicious link, downloads something suspicious, or does not effectively block malware, solutions are in place to better deal with the incident.
With NNT’s Change Tracker Gen7, CAS (T) requirements for monitoring are easily taken care of with our continuous file integrity monitoring and compliance controls.
Read this article on Computer Weekly