Canadian Security Partners’ Forum – Effective Resource for Security Executives

Canada
Canada (Photo credit: palindrome6996)
Canadian security executives have long needed the proper
support system and forum regarding the landscape of security in Canada.  The Canadian Security Partners’ Forum (CSPF)
is answering that need. The Forum is a unique network that in just one year has
grown to include over 80 organizations that represent most horizontals in most
verticals across industry sectors.
The Forum’s success can be traced back to its founder, Grant
Lecky, who has a diverse background in security and risk management and a
strong focus on business continuity planning and emergency planning and
organizational resilience. Lecky was recently acknowledged by Security Magazine for his efforts, identifying him as one of ‘The Most Influential People in
Security 2012’.
Security executives, educators and thought leaders have all
embraced the Forum’s concepts and goals, helping to overcome the isolation of
silos that often gets in the way for most other organizations.
Bonnie Butlin, Executive Director for CSPF, has observed that “you usually don’t see such swift growth in helpful agile networks. It’s more
often observed in threat networks.”
One of the many ways the CSPF helps to work with the
security community is to be a catalyst and facilitator to help inspire
conversations followed by action to build new networks that fill recognized
voids. As the Forum’s Executive Director, Butlin tracks trends in the news as
well as in forum discussions to identify gaps in the community, and then brings
them forward to be addressed by the Forum participants. By proactively engaging
discussions on observed trends the Forum and its participants can respond to
topics of concern as they arise, not just after the fact.
In the upcoming October issue of Vanguard, CSPF
will be featured in an article outlining just how effective the organization
has become in addressing the foundation needs in joint force development. The
article is based on the Joint Staff’s study “Decade of War Volume I: Enduring
Lessons from the Past Decade of Operations”, which highlights 11 strategic themes
for enabling responsiveness, versatility and affordability for collaborative
mission focused groups. Originally used as a post-Iraq evaluation, the themes
are applied to the security community and the CSPF.
Defence Intelligence is proud to support the CSPF and the
security community at large in proactively combatting threats to Canadian and
North American networks.

Enhanced by Zemanta

Taking Responsibility for a Data Breach

Anti-Sexual Harassment Graffiti reading: No To...
Anti-Sexual Harassment Graffiti reading: No Touching allowed: Castration Awaits You (Photo credit: Wikipedia)

A data breach can cause both public
embarrassment and significant cost to the company involved, as well as
employee turmoil and time spent dealing with the incident internally.
This can similarly be compared with handling a sexual harassment
incident. Equally embarrassing and perhaps costly if handled wrong,
there is a follow up surge in both cases for training and awareness
given to the employees at large, hoping to prevent another incident.
The big difference between these
examples is individual blame and repercussions. There is training and retraining or best practices suggestions, but who is getting fired? Even if a company
didn’t fire the people responsible for the sexual harassment, they
would know who to watch for future mistakes and both sides would know
that a second lapse in judgement would be the final one. With a data
breach however, the parties involved may still be a mystery following
the incident and no one would know who to watch or even who to blame
when it happens again.
Government legislation forced
corporations to adjust their company policies and provide staff
training. The high cost of fines and loss of reputation made acting
responsibly no longer a choice. It is now common practice for most
companies to have a human resources department that ensures sexual
harassment behaviour and the punishment for it is written into the
corporate policy. Is enough training combined with clearly defined mandates and consequences being given to deal with network breaches and data loss?
While the corporation suffers a
financial loss and damaged reputation, the result of a company breach
can cause the company to lose on so many more levels: financial and
proprietary information loss, lost sales, damaged reputation, lost
trust from their customers and vendor-partners, the list just goes on
and on. So why is this not being handled by organizations with more
importance and aggression?
A security breach is usually attributed
to sloppy habits and an irresponsible attitude that leads to
behaviour that creates or allows a breach. It doesn’t matter what
people use as an excuse for sloppy habits it needs to be tidied up.
Right now the attitude of the average employee toward information
security is pure apathy. They don’t care and they have no reason to
care. They take no personal ownership over the data they handle for
the company so they feel no responsibility, and no one is ever
singled out for information security misconduct. People’s thinking
would change quickly if there were a red flashing light that went off
on their computer monitor, laptop or device when they specifically
broke corporate security rules.
Companies should be writing fines and
repercussions into corporate policy for incidents such as:
  • opening an email link or
    attachment that did not fit the proper profile
  • going to a forbidden or untrusted site
  • using a USB from an unknown source
Until we can track back data breaches
without fail to individuals that caused it with certain behaviour,
begin with deterring the behaviour that could cause the breach.
Touch that girl inappropriately? You’re fired. Two “red light”
incidents at your workspace? You’re fired. Organizations need a more
aggressive approach to security, because the whole company benefits
and the whole company suffers when reckless and indifferent
behaviour is ignored.
Related articles
Enhanced by Zemanta