Here is a sample high-level cybersecurity policy for a city, district, or county. It is designed to be a high-level statement adopted by city council, supervisors, or board of directors and leave detailed policies and procedure at a lower level. The reason is detailed policy and procedure may need to change regularly and there is no reason to continuingly go back to council or board for detail changes. It is appropriate for department heads to accept the risks to their oper

According to the Verizon 2018 Data Breach Report, 93% of data breaches are linked to phishing or social engineering. With stats like that, you would think cybersecurity awareness would be a top priority for organizations. However, there have been some cybersecurity professionals who claim that awareness is not effective and won’t change individual behavior. I disagree with their pessimism, human behavior can be changed. In fact, advertisers pay millions of dollars for a su

Today, news agencies and outlets are reporting Information Technology (IT) breaches and loss of protected data at alarming rates. The centerpiece of these breaches, after months of forensic analysis, has been a lack of following IT industry accepted security best practices. Should manufacturers of IT products, both software, and hardware, follow these industry best practices by releasing secure products? Manufacturers need to start designing security in their products from th