I know, I know, it is Valentine’s Day again! To our CISOs, Security Consultants, Security Analysts, make sure to book a romantic dinner for your special one and get your fancy gift ready. Otherwise, your risk level of relationship will be too high!
Speaking of love, I know many young professionals are actually not very good at it. They are so busy to pursue their career goals that often forget to nurture this important relationship. So, I’d like to provide you a framework this Valentine’s Day.
I call it – “Cybersecurity Framework for Love”!
This framework is actually based on the NIST Cybersecurity Framework specified by the National Institute of Standards and Technology. In a nutshell, it consists of five core functions:
While you can study the technical details of this framework, I just want to talk about how you can apply it to your relationship.
Identification – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
Do you know or understand your loved one? What does she like? What does she dislike? When is her birthday (hope you can answer this right)?
Spend some time learning about your partner. Use your cybersecurity skills to do some information gathering, build your knowledge base, assess your capabilities, identify your vulnerabilities (things you need to improve). This will help build a solid foundation for your relationship of love.
Protection – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
There are many critical areas in love, such as commitment, appreciation, sex, money, work, kids, health… No one is perfect. If you really care about this relationship, you have to work on it. You have to honor your SLA (Service Level of Agreement) for your loved one.
Detection – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
Things happen. The journey of love is full of distraction, temptation, and confusion regardless how hard you work on it. The key is to detect these unpleasant events as soon as possible. Just like the unawareness of cybersecurity breaches will bring significant risks to a company, the unawareness of partner feelings will have negative impacts on your relationship.
Response – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
In cybersecurity, we all know, there is no such a thing as “100% security”. Sooner or later, you will have your first fight with your partner. The key here is how you handle it.
The first thing you need to avoid is FUD (Fear, Uncertainty, and Doubt). Control your emotions, cool down for a while, and work openly with your loved one. There is always a way as long as you truly commit to your love.
Recovery – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
The damaged relationship can be fixed in most cases. But you need to do your homework and prepare for it from the early stage. For example, in cybersecurity, data restore is an effective way to recover from security incidents. But if you do not have the regular data backup, there is nothing that you can put back. Love is the same. You must constantly nurture your relationship so that it will grow strongly to survive big storms.
Now you have the complete framework for your love. Commit yourself to follow the best practices in the areas of identification, protection, detection, response, and recovery. In return, you will enjoy the true love of life!
Happy Valentine’s Day!