During last month’s IT Nation Secure Conference, Ian Thornton-Trump, the chief information security officer at Cyjax, a threat intelligence company based in the UK, shared the eight principles of security leadership.
He reported that, according to Comparitech, a pro-consumer website providing information, tools, reviews, and comparisons to help its readers improve their cyber security and privacy online, cybercrime is predicted to inflict damages totaling $6 trillion USD globally in 2021 and, if measured as a country's economy, would be the world's third largest after the U.S. and China.
Following are the eight principles of security leadership that Thornton-Trump outlined in his presentation:
- Achieve personal and professional security competence. Complexity is the enemy of security.
- Embrace personal and professional security improvement. Know your infrastructure and the cycles of your business.
- Accept personal responsibility for security. Rhetoric about cyber war needs to be toned down; otherwise, it might spur more countries to take action.
- Set a personal example of being secure – i.e., secure customer authentication (SCA).
- Ensure everyone knows the meaning and intent of the security program. Explain why there is a need for a security program and what, where, and how your organization will protect against threats. This needs to be based on a realistic threat model.
- Embrace security improvement opportunities. You can always do more.
- Make sound and timely security decisions. Make a call, even if it's the wrong one. "At least you made a call," noted Thornton-Trump. Seek out help. You need information to make decisions. If you don't have that information, your decisions won't be rooted in reality or could be the wrong ones.
- Never ignore a security incident. Inform your supervisor and/or security operations. Learn from your mistakes and do not punish the guilty.