data-breachIn the wake of a security breach, the finger is often pointed towards users as the possible culprits for the compromise. Although this may be the case for some breaches, it is not the case for all. As a result, we must identify all sources that may present a leak.

Rick Howard, CSO of Palo Alto Networks, presents this challenge in his latest article for Rather than spend endless federal dollars on employee security training, Rick provides the following advice:

Employee cybersecurity training should be focused on making them aware of the organization’s security policy and procedures, not training them to be cybersecurity experts.

Protecting the enterprise is the security team’s job. The security community should be designing systems that protect their employees. This will take work from both the vendor community as well as internal security teams, but it is possible. Threat prevention is the key.

Security teams will never be able to keep out every advanced adversary, but they can make it extremely difficult. Here are some best practices:

  • Deploy security controls at each point in the Kill Chain.
  • Realize that these security controls don’t work by themselves out of the box. They must be configured to function in the manner that you want them to. You have to bend them to your will.
  • Regularly capture metrics for each deployed security control to confirm it’s doing what you originally wanted it to do.
  • Regularly review your initial network security needs so you can make appropriate changes. When done, go back to the top of the list and start over.

Threat prevention is an ongoing process; it’s not something that you do once and walk away. So stop spending time and money trying to make users security experts and start spending on improving your threat prevention program.

For more information on threat prevention best practices, see the full article.


IT SECURITY SUPPORT: Blue Mountain Data Systems provides IT Security Support Services for Federal Civilian Agencies. Looking to find Vulnerability Scanning and Testing, Penetration Testing, Risk Assessment & FISMA Reporting for your Federal Agency? Call Paul Vesely at 703-502-3416.


Federal Employees Are Not Security Experts

Leave a Reply