Familiar with the Cisco Annual Security Report?

 

Cybersecurity Month makes it a great time to look at Cisco’s Annual Security Report, a substantial yearly tome that brings us the research, insights, and perspectives of Cisco’s security experts as we all engage in the relentless struggle to protect ourselves from attackers. For this blog post, I’d like to drill down to page 45 of the 2015 edition of the report and call your attention to the company’s five-point “Security Manifesto.” It’s very useful advice for security teams attempting to respond to today’s cybersecurity challenges.


The five tenets of the Cisco Security Manifesto are as follows:

  1. Security must be considered a growth engine for the business.

  2. Security must work with existing architecture, and be usable.

  3. Security must be transparent and informative.

  4. Security must enable visibility and appropriate action.

  5. Security must be viewed as a “people problem.”

 

Breaking Down the Manifesto

Let’s look at each of these five principles more closely:


1. Security must be considered a growth engine for the business: All too often, addressing security becomes a major constraint for an organization, but this is because security isn’t considered early enough in the evolution of a business project. Businesses need to involve security teams early on in projects that require the deployment of new technology. Likewise, security teams can’t be shy wallflowers waiting coyly for a chance to participate in the dance. They need to get actively involved.


“Security professionals must take proactive steps to ensure they are involved in technology conversations, and understand how security processes can enable the organization’s agility and success, while protecting its data, assets, and image.”

2. Security must work with existing architecture, and be usable: This principle works hand in hand with the previous one. Security architecture must be able to work fluidly with technology architecture or else people will circumvent it. The earlier that security teams are brought to the table, the less likely it is that security issues will impose architectural constraints.


3. Security must be transparent and informative: Users will be frustrated by vague security roadblocks they don’t fully understand, and might even try to bypass them. The more that organizations can explain why a certain security procedure is being implemented, the more they can count on cooperation.


“When a user attempts to access a web page and is met with the message, ‘Access to this site has been denied by your administrator,’ there is no context as to why they can’t access the page. But if the message said, ‘Access to this site has been denied because it has served malware in the last 48 hours,’ the user would be better informed and understand the potential risk not only to the organization, but to them, as an individual user.”

4. Security must enable visibility and appropriate action: In order for security teams to become more active and accurate in identifying and responding to threats, they need tools for automating visibility into the network so that they can see not only traffic but also the assets that make up the network.


5. Security must be viewed as a “people problem”: Strong security is not just about tools; it is about people being educated about the importance of security in all aspects of their everyday life. Well-educated users will make good decisions about security and be more likely to be proactive and ask questions if they sense there is a security compromise.


“Improved dialogue between security professionals and users will also help users see that technology alone cannot assure security. People, processes, and technology, together, must form the defense against today’s threats.”

Next Steps

If you’ve been sufficiently inspired by the Cisco Security Manifesto, we urge you to check out the complete Cisco Annual Security Report. While you’re at it, explore what Cisco has to offer in terms of security and cybersecurity training and certification. And let us know: are there any points that you would add to the five principles in the Security Manifesto?

 


 

Gary Pfitzer is a content manager at Learning@Cisco, focused on bringing various aspects of today's IT journey to light through business papers, blogging, customer success stories, and other writing.