January 3, 2008

January brings a focus on resolutions and making changes. Most of us step on a scale, take a look in the mirror and vow to get in shape (lose weight). Recognizing this, we are inundated with information on dieting and losing weight. In seven months, I’ll be one of the 2000 people to race the Ironman triathlon in Lake Placid. My training includes nutrition. As I make changes to my own diet (but not dieting), the science is clear – sustained weight loss and health are more dependent on mindset and lifestyle, less on diet. Dieting, for the most part, doesn’t work.

Ironic, then, that we embrace the “security diet” approach to protecting information. As with a diet, people restrict activities and make wholesale changes that are difficult to sustain except for brief periods. Once the audit (or event) has concluded, the restrictions and changes are lifted and it’s a happy return to business as usual; information is again left unprotected. The security diet, for the most part, fails.

What if instead of resolving to diet this year – for health or for protecting information – we resolved, instead, to change the way people protect information?

About the Author Michael Santarcangelo

The founder of Security Catalyst, Michael develops exceptional leaders and powerful communicators with the security mindset for success.
