The end of the year is a busy time for information security professionals. There are a lot of balls to juggle, and our adversaries are poised to attack if we look in the wrong direction.
The team behind Target’s data breach last year took advantage of the retailer’s increased traffic volume—both online and through its brick-and-mortar stores—to sneak in and infect the point-of-sale systems. The high number of credit card transactions being processed, the increased activity, and the pressure of keeping systems up all probably contributed to the confusion.
This month, we will be talking about some of the balls information security professionals have to juggle as we approach the end of the year. Some are expected, some are out of our control, and others can be managed. We will share tips, strategies, and suggestions on how to continue being an effective security leader for your organization.
The holiday shopping season brings its own kind of frenzied chaos and affects many organizations across multiple industry sectors.
Even if you aren’t subject to the whims of holiday shoppers, there are other restrictions that come with the end of the year. Many financial services organizations have compliance packages they need to complete before Dec. 31. When I worked for a consumer lifestyle brand, there was a company-wide “code freeze” by early December—no new features could be added and only the most critical bugs could be fixed. One of the reasons was the fact we didn’t want to risk rolling out new features when QA testers and developers were out of the office.
Many people plan to take some time off this month and next, especially if the vacation days don’t roll over to next year. And many of us have to deal with severe weather conditions starting in October and continuing into November and December.
There are several special circumstances that make being an information security professional a little harder than usual at this time of the year. The budget planning process for next year is still going strong. There are planning meetings with various line-of-business managers to discuss next year’s strategic goals. You also need to assess where you are on this year’s capital improvement projects and figure out what you will be working on next year.
We will continue our budget discussions. We will talk incident response. We will even talk about disaster recovery and business continuity. What else do you think we should be talking about? Let us know in the comments below or on Twitter @RSAConference.