I’m not really sure what it is going to take for people to do Information Security basics well. Just how many multi-million credit card breach, PLA attacks a hospital company, hacktivists use insider to breach you headlines is it going to take? Seriously people, I feel like the boy who cried wolf. Except that I really am alerting you to the wolf and you appear to think I’m just making it up.

I’ve been writing and presenting on what is going on for years now. For example, there is this piece I wrote in July. In it I said that you could reduce 80-90 percent of the risk you face by doing the following:

• Patch and Update (yep, they listed it first)

• Good fundamental policies

• Security education

• Encryption where it’s warranted

• Serviceable perimeter protection

• Identity and Access Management

Based on the onslaught of breaches since then, this hasn’t sunk in yet. Nor the 14 other times I wrote some variation of that piece. In Jan, 2008 I gave this presentation to the ISSA CISO Forum …. notice that most …