John Strand //
It’s odd, we try to push security forward through standards like NIST, the Critical Controls, and PCI, but most organizations strive to meet the bare minimum required by those standards. It almost seems that the standards we create become counterproductive to actual good security.
We have seen a couple of trends which seem to be changing that. First, Ransomware is something organizations must face in a visceral and immediate way. Because of this, we are seeing a huge movement in companies to improve their security – not just meet the minimum requirements. Secondly, we have a push from insurance companies requiring many solid security practices. This in and of itself isn’t that interesting. However, what IS interesting is how they are requiring these security requirements be verified before they pay out claims.
In this webcast we’ll talk about:
-Instances where not having insurance was catastrophic
-A sample of required security controls by some insurance companies
-Using Insurance as a medium to get the audit and legal departments to implement solid security