10 Things an ISO Should Not Do
Last reviewed: March 2017
Now that you have a mentor and you are meeting on a regular basis, you may need some ideas for things to talk about. Here are just a few ideas to get you started.
Top 10 Things an ISO Should Not Do
- Don't Panic
- Publicly or privately make the claim that the institution is secure
- Assume that there is some place on the internal network that is "secure"
- Make a service so inaccessible that it becomes insecure
- Consider any process, training, or device as a silver bullet
- Consider technology in isolation as a solution to security risk
- Fight fires (okay, almost never)
- Develop punitive measures for IT staff who make mistakes in securing their systems
- Compromise ethics for expedience, or at the direction of your management
- Make decisions in isolation
The Mentoring Toolkit includes additional ideas for conversation starters.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).