I believe we should make use of a an enterprise security audit team. Though our team has recently updated our security system, we have yet to put this system to any serious test. As familiar and comfortable as we are with our infrastructure, I think it is time for those confidences to be validated externally.
By utilizing an outside source to assess our security, we can not only insure our networks are up to an appropiate standard, but we cover ourselves in the instance of any liability, for going above and beyond due diligance and having an industry certified official acknowledge that we take security seriously. In the interest of any data breach, it would be difficult for us to be found liable, as we had recently conducted an independent survey, or cybersecurity audit.
If the auditor finds something to be out of compliance (which we highly doubt) we will be saved a hefty fine from the FCC, or any other governing body that requires our confidentiality and integrity. If the auditor doesn’t find anything, they can still advise on upcoming compliance issues that we may otherwise be unaware of. Naturally, we don’t expect this test to yield any flaws, as we have spent the past 2 years designing and implementing our dream security program. As it’s architects, it’s very difficult for us to discern any imperfections.
Although auditors only affirm the existence of security measures and not their effectiveness the advice and insight that accompanies an audit more than makes up for the lack of assurances, and as well all know, there are zero assurances in cyber security. This is why it is of the utmost importance to get ahead of curve and subject ourselves to the interrogation of experts to shatter our delusions of grandeur and inform us of the tarnishes and blemishes of our network design.
If these reasons prove insufficient, due to the lack of concrete proof on the effectiveness of our security measures, or the prevailing opinions that checkbox security is insufficient in an age of Advanced Perisistent Threats, I feel obligated to remind you that our insurance policy dictates that we conduct third party assessments every 5 years, and our deadline is coming up fast.
For these reasons, our recent restructuring of our security system, and the upcoming, mandated, third party assessment, I think it would be in our best interest to schedule another assessment with “Really Good Security” who we contracted last time to conduct our Audit.