I recently taught a cyber security class to a large medical practice. The goals were to better protect the organization from cyber-attacks and to improve their HIPAA compliance. This medical practice is a well-run and well-managed business that invests in its employees and is clearly one of the most security conscious practices I have worked with. The hour-long course covered the cyber security basics including password management, safe Internet practices, phishing, malvertising, and incident response. I wanted to build their cyber confidence such that they quickly knew how to recognize and respond appropriately to a potential cyber threat.
Overall the course went very well; although, I took the class to areas they were not familiar with nor comfortable with. Discussions at times were lively and lengthy, which was great as they were really engaged. There was a common thread in our discussions and that was people are not using the correct terminology concerning cyber security and threats, and this causes confusion and misunderstandings. Let’s face it, in today’s world, we are bombarded daily by the news media about hacking incidents and new cyber threats. It is part of our daily lives and conversations.
So, I was really pleased when a colleague, Mike Moran, returned from a cyber security conference and brought our team copies of a new lexicon recently published by (ISC)2. This is by far the best glossary of cyber security terms I have seen. It was published by John McCumber in February and you can download a copy from his blog. John is the Director of Advocacy for the North American Region of (ISC)2. And who is (ISC)2? The International Information System Security Certification Consortium is the largest and best recognized association of cyber security professionals. Mike is certified by (ISC)2 and helps our customers improve their cyber security.
I recommend you download a copy of the (ISC)2 lexicon and review it. Post it in your office and distribute it to your team. It sends the message your organization is serious about cyber security and enables everyone to speak more accurately. It is another step in building your organization’s cyber confidence.
If you have concerns about your cyber security or would like to improve your cyber confidence and compliance, contact us at: info@thirdrock.com