Friday, June 10, 2011

The Old 80 - 20 Rule

Attended ISSA-Baltimore chapter's second InfoSec Summit yesterday in Laurel, Md. The keynote speaker was Dr. Ron Ross, computer scientist at the National Institute of Standards and Technology (NIST). He had an interesting observation that 80 percent of cyber intrusions and exploits can be prevented by "best practices". Best practices might be defined differently depending on who you ask, but at the end of the day it’s the simple stuff - firewalls, good authentication, adherence to processes and policies, patch management, training, etc. Would your business pass the 80 – 20 test? In my experience most don’t, but I can show you how.
