Saturday, June 28, 2025

How to Break the Security Theater Illusion


While sitting in a board meeting for a healthcare service provider, veteran CISO John Rouffas was struck by a disconnect he said was impossible to ignore. The security update was familiar: Training metrics were high, patching was on schedule, and vendor relationships were in place. Board members walked away reassured about the provider’s security program.

They should not have.

The board heard about the 72% completion rate for the security awareness program but not that employees were failing phishing simulations. The success rates had been stuck at 52% for the past two years. Patch reporting sounded thorough, but, in reality, critical Linux servers weren’t being patched because of internal friction and vendor misunderstandings.

“I was shocked to see the level of security theater in use to supply the board with a false sense of security,” Rouffas later wrote on LinkedIn.

The fact that the security awareness program had a 72% completion rate “feels like an excellent number, but it doesn’t mean anything,” Rouffas noted. “What was reported to the board was a false message that all was fine. Security theater is not just an IT problem. … It’s a governance failure.”

Read the Full Article on Dark Reading


