Canary in the Coal Mine – Am I Secure?

By Robert Gilette on October 29, 2021
Answering the most difficult question in IT Support

By: Special Guest Author, Robert Gillette

The number one question I get as an Outsourced IT Provider is "am I secure?" This question is difficult to answer because I am on the outside looking in. I am not your IT Provider. Can't I just provide a security audit? Yes, but it won't help you actually be any more secure. An audit will simply cost you thousands of dollars and bring to the forefront the problems your IT resource either (1) didn't know were problems, or (2) has been ignoring because it can't fix them. Even then, an audit will give you a sense of your security concerns today… but what about tomorrow, or a week from now?

The world of security is changing in real time, faster than you can imagine. Security is not just about best practice anymore; response matters too. Your IT resource must be as nimble as the bad actors. A list of IT vulnerabilities from weeks ago, when an audit was completed, will not make you secure.

Instead, organizations like the Center for Internet Security have published helpful guidelines for security professionals to follow. Authorities like the California Attorney General have pointed to the CIS 18 as a reasonable standard for security. Even so, these guidelines are highly technical and difficult for many business leaders to oversee properly.

Given this, I developed a targeted set of three questions to serve as a canary in the coal mine. These questions are a test to see whether an IT environment might be compliant with the 18 controls.

The goal is NOT to ask the IT resource to start doing these things. We are simply testing to see whether there is evidence that the much harder-to-complete (and harder-to-assess) work has already been done. The things these questions ask for are a reasonable outcome of properly deployed controls. If a business answers NO to any of these questions, the result should not be a project to turn that answer into a YES. These are leading indicators that something essential to security is not being done. If every answer is YES, I cannot say that you are definitely secure, but you have passed the first test. If the answer to any of them is NO, then I can say that it's time for swift and dramatic action to address cyber security.


  • Posted in:
    Privacy & Data Security
  • Blog:
    The Privacy Hacker
  • Organization:
    Hopkins & Carley
