The world created by computers and networks may be considered “virtual reality,” but that doesn’t mean their use in the business world should be subject to different rules, especially when it comes to security and compliance. Far too often, however, firms treat risk management for their computers and networks as separate from the common-sense principles that guide their decision-making in the “real” world. They believe that digital security and compliance should operate under a different set of rules, and that leads to confusion as well as serious risk. The truth is that despite the advanced technology at play, digital security and compliance should be governed by plain, old-fashioned common business sense, the same as any other type of risk management.
The type of thinking many businesses apply to risk management in the digital realm has given rise to numerous myths. These myths can lead companies to make dangerous assumptions about how they should approach digital security and compliance. For example, too many firms believe they don’t need to worry about their digital security because they are not prime targets for hackers. This is like leaving your sensitive equipment outside in the rain because you’re not worried about thieves. Data breaches can happen just as easily through internal errors and accidents as they can through hacking, and security measures protect against these as well.
The following guide points out 10 of the most common myths organizations hold about cyber-security risk management and compliance, along with the facts. Knowing the difference between the two may be critical for your company as you navigate the often difficult-to-understand nature of today’s cyber-security and compliance landscape. Even though it may seem as if your computer networks exist in a different reality from the rest of your organization, the same real-world principles apply to them.
About the Author
Chris Cronin is a Partner, Principal Consultant and ISO 27001 Auditor for HALOCK Security Labs, a leading information security firm located in Chicago, IL. Chris has over 15 years of experience helping organizations with policy design, security controls, audit, risk assessment and information security management systems within a cohesive risk management process. He is a frequent speaker and presenter at information security conferences and events.