October is National Cyber Security Awareness Month, as proclaimed by the U.S. DHS. The premise behind this is good: create awareness for cyber security. The DHS’s campaign will seek to:
Security professionals the world over need all the help they can get to create awareness of their craft. For the most part, security measures, be they physical or cyber, are business expenses. The challenge security professionals have is to justify those expenses in a manner that helps improve the overall business appeal from the prospectives of the customers, partners, employees and investors.
For most of us working in the cyber security profession, we are viewed a smart but our value is questioned. “We pay this guy how much for doing what exactly?” “If we did not do ‘this’, what would be the impact?” “Do we really need to jump through all of these hoops?” “Do we really need to buy all of these security tools, applications and appliances?” “Wasn’t our security policy just updated?”
Some things are just hard. Cyber security is one of those hard things. It is tough to see, quantify and qualify. The better we are at creating reasonable awareness of the issues confronting or business and industry, the better and more effective we will all be at performing our security jobs.