Thursday, May 14, 2020

Making Compliance Work for Cybersecurity

The reason the full list is so fascinating is that any one of these technologies—or any combination of them—could prove to be a valuable solution for a given company or vertical segment. As CompTIA’s 2019 IT Industry Outlook described, there is no single “next big thing” that will be sold or supported. Instead, companies are exploring and experimenting with many things at once, hoping to find a unique approach that will deliver impressive results.

I can’t name the health care organization that she worked for, but I can tell you why she felt that compliance – if done right – can really work. I found her argument to be absolutely compelling.

As proof, she stated that her organization had made the following changes over the past two years:
They hired a cybersecurity and physical security compliance officer who has complete oversight over the current network, as well as the physical premises of the organization.
The CIO and CISO now have a dotted-line reporting relationship to the compliance officer, which means they oversee some of the compliance officer’s activities, but she does not fully report to them.
All current – and future – network plans must be reviewed and approved by the compliance officer. The compliance officer I spoke with emphasized the importance of having someone who understands the implications of what is being proposed.
All new hires must be reviewed by the compliance officer.
Security analytics reports and pen testing results must be presented to the compliance officer for consideration and approval.

In short, this health care organization had created an office and officer that has the authority to approve or alter its physical and cyber assets. I’ve found this to be a relatively rare situation. While most organizations have compliance officers, they don’t all seem to have the kind of authority that she has.

She agreed that taking a checkbox approach to security never really works. But it’s also not quite fair to reduce the efforts of a properly enabled compliance officer to any checklist.
