CHAPTER 10 A Culture of Security for All

A part of governance, risk, and compliance campaigns is “setting a tone from the top.” Executive management should point out different types of cybersecurity threats and how they can be recognized. It should then be clear on what part IT plays in preventing the cyberattacks, and what part everyone else plays. Right now, I don’t know where this line is drawn. In the arena of cybersecurity, what should I worry about versus what is IT tasked with preventing?

Respondent, McAfee Online Ethnographic Study

The headline for the short article was barely noticeable, buried at the bottom of the page, along with a feature on the upcoming high school football game. Those who looked closer may have dismissed it outright as hysterical doomsday prophecy: “Is World Series Quake Coming?” Four days later, the magnitude 6.9 Loma Prieta earthquake struck, killing 63 people in its wake, causing billions of dollars in damage and disrupting Game 3 of the World Series at Candlestick Park.1

Earthquakes are terrifying specters of nature. Every day, several hundred occur worldwide, though most of us don’t even notice them. They’re relatively small in nature—magnitude 2 or less. Major earthquakes, greater than a magnitude 7, happen more than once a month. Great earthquakes of at least a magnitude 8 hit about once a year. Unlike their smaller siblings, we notice these major and great quakes. Even if we’re lucky enough to be spared Mother Nature’s wrath, the media ...
