
In digital age, user empowerment will remain vital to cybersecurity

Mobility has been a blessing and a curse to modern businesses as they struggle to balance its business benefits with the information security headaches. To protect vital business data, organizations should empower and educate users to play their security role when accessing business data beyond the company's walls, said MIT Medical information security officer Roy Wattanasin.

In a series of video interviews from the ISSA International Conference in Orlando, Fla., in October, SearchCompliance editor Ben Cole discussed modern cybersecurity strategy with speakers, ISSA members and attendees. Here, Wattanasin discusses why user empowerment should be a big part of businesses' information security program.


What do you think are some of the big cybersecurity threats out there right now?

Roy Wattanasin: Right now, it's really the people. We need to educate and empower users, remembering it's not only about technological controls. It's about educating people. You can train people all day, but people are going to click on links. You also want to ensure that you are making sure you are not only doing training for the business, but also training users on where they can improve information security at home.

Are there any universal strategies that have proven particularly successful to information security, or do you think it's more important to stay flexible and adapt as threats evolve?

Wattanasin: It's important to be flexible, but also to have approval from the board and management as well by keeping your information security program up to date. Always be prepared. You can use all the methodologies, all the frameworks, but always keep a proactive sense of mind and be able to respond to different threats and breaches that occur.

With so many threats and vulnerabilities, how has that changed the information security professionals' role and how they interact with other departments?

Wattanasin: It used to be people, process, technology, but now that process has changed. Information is all over the world, on different devices like integrated health devices, the Internet of Things. As the technology has evolved, it involves being a technologist. As an information security professional, your job is really protecting everything around the perimeter.

How can companies strike the right compliance and security balance?

Wattanasin: It's really just empowering your users. Have your training program, your security awareness program and your policy around not only the business you are trying to protect, but outside the company as well -- what decisions your end users and employees should make when they are at home. Do they have to update? Do they need a virus scan? Do they need a new program? So, it's empowering your users, not only when using technology but also by having them understand why you are doing this.


How does your organization incorporate user empowerment into cybersecurity strategy?
This is common sense. Especially as more BYOD comes into play. No longer will we all be carrying two devices for our work - it'll be one mobile device with our personal and business information on it. The fear is if it gets lost we're screwed in both realms. But there has to be a method for keeping data secure from thieves AND from our employer. I'm excited to see how this plays out.