Following Security Best Practices is Good But May Not Be Enough

If you look at books and publications on cybersecurity, it’s clear that we continue to emphasize common information security best practices: Keep up with patches, disable unnecessary services, have users work with limited privilege, follow system hardening principles, and maintain an ongoing program of user education. Depending on the industry, there are guidelines, standards, or even federal regulations that drive cybersecurity. Unfortunately, as shown by Heartland Payment Systems and Target Stores, these standards are often viewed as encompassing security solutions, rather than baseline, minimal requirements.

Read more