WHAT 12 SECURITY THINGS SHOULD I FOCUS ON TO BE DEFENSIBLE IN 2016?
I was recently asked by a roundtable of CEOs to advise them on network security. They had a lot of questions and a lot of misinformation. I was surprised as this was a group of technology company CEOs and what I quickly found out is that they did not know much more than my non-tech company CEO clients. From that discussion they asked me to come back and present to them a short list of actions they should take in 2016 to better secure their systems. Initially I wanted to present them with a list of 10 things they should focus upon. For anyone that knows, it is easy to create a list of 100 things that should be done to secure a system. However, I decided in order to make the list actionable and not overwhelming I needed to focus on the 10 things I have seen in the past year or two that have caused the most real-life grief for our new and existing clients. I wanted to keep the list to 10 items, but I had to fudge a bit and expand to 12 core items. Then I added three bonus items for those who are over-achievers and another three for those in regulated businesses like healthcare, financial services and Sarbanes-Oxley.
This list is not complete or absolute. It is a list I have created largely in the order of my perceived importance based upon real-life hacks, breaches and other maladies related to failures of network security to keep the bad guys out. You will need to assess the requirements that are appropriate for your firm.
If you are looking for a good place to start, here are the core 12 security areas to focus on in 2016.
To assist you with the development of a rough budget v1.0 for your security changes in 2016, I added a template on the very last page of this document. I recommend you use that template to enter the rough cost estimates in each category. Doing so will get you in the ballpark of your 2016 security budget.