Rats and mice like cheese, we all know that.
So if you’ve got a nice big smelly cheese, how do you keep it safe? Do you spend your time working out how to kill all the rats and mice in the world, or do you find a nice safe place for the cheese, and hope the rodents go elsewhere to look for easier prey?
The first option is doomed to fail and will use up all your energies; the second is much more likely to succeed.
The same goes for information security. Companies can spend time and effort worrying about where the next security threat will come from, or they can focus on what they are trying to protect – their information assets.
For most organisations, the key to securing themselves is first to understand what information (or other supporting assets) is important to them (the cheese). What is our cheese? Where is it and who has access to it? Do we share the cheese with others? How are we currently protecting it? The more we understand, the better equipped we will be to protect it.
Whilst the modern day information security professional’s philosophy of “it’s not a question of if, it’s a question of when” may well be true, ensuring that the most critical assets are protected will minimise the chances of a security incident turning into a full security breach.
My AnalogiesIf the rats are after your cheese, keep the cheese safe Is Your Security Framework Like a Smooth Saloon Car or a 4X4?