Originally posted to LinkedIn on December 23, 2015
Tip #3: Look Around
Government, defense and the financial services industry do this well. They have the best practices, which you can study together with your technology team.
The Building Security in Maturity Model (BSIMM) is also a great place to start; see how information security in your organization compares to others in order to take the necessary steps to evolve and get better.
A great example of an industry-specific security measure is the concept of vaulting, where convenience stores and retailers never store credit card numbers from transactions or loyalty programs on site. Instead, the numbers are placed in an off-site “vault” that protects the information from hackers.
Always remember that examples from sectors outside your own might be helpful and relevant, as is learning from the missteps other organizations make. Don’t be afraid to imitate best practices and learn from others’ experiences.
Tip #4 coming soon to a post near you…