Top 10 Points – Security Elevator Advice

These are my top 10 key points to give to the top man when he asks you “What should we be doing in security?” and you only have a minute or two, or when you need a single slide on security for the CTO:

  1. Identify and understand your threats
  2. Reduce your attack surface
  3. Compartmentalise your important services
  4. Track assets and fix known vulnerabilities
  5. Teach people to write secure code
  6. Teach people to behave responsibly
  7. Audit these processes regularly
  8. Monitor for & detect intrusions
  9. Prepare for incident response
  10. Choose and measure security outcomes

The challenge is that a large volume of material is needed to understand what these points mean and why they matter, and years of experience are needed to truly understand how to deliver them.