While sitting in a board meeting for a healthcare service provider, veteran CISO John Rouffas was struck by a disconnect he said was impossible to ignore. The security update was familiar: training metrics were high, patching was on schedule, and vendor relationships were in place. Board members walked away reassured about the provider’s security program.
They should not have.
The board heard about the 72% completion rate for the security awareness program but not that employees were failing phishing simulations. The success rates had been stuck at 52% for the past two years. Patch reporting sounded thorough, but, in reality, critical Linux servers weren’t being patched because of internal friction and vendor misunderstandings.
“I was shocked to see the level of security theater in use to provide the board with a false sense of security,” Rouffas later wrote on LinkedIn.
The fact that the security awareness program had a 72% completion rate “sounds like a good number, but it doesn’t mean anything,” Rouffas noted. “What was reported to the board was a false message that all was fine. Security theater isn’t just an IT problem. … It’s a governance failure.”
