Despite industry best practices, there will always be security breaches


The recent article by Allen Gwinn demonstrates a gross lack of understanding of the fundamentals of cybersecurity. 

The title specifically refers to “industry best practices,” which Gwinn defines with a link not to a cybersecurity company but to an article, not written by an expert, on a random computer services provider’s website. If Gwinn has the 40 years of expertise that he claims in all things cyber, he would be aware of the most commonly accepted cybersecurity industry best practices, which include, at a minimum, the Center for Internet Security Controls (CIS) and the National Institute of Standards and Technology Cybersecurity Framework (CSF). These, and many others created around the world by respected bodies, are peer-reviewed and well accepted.

The reason I highlight these actual industry best practices, versus the article’s example, is that they all include an acknowledgement that there will be failures even in the best programs. The CSF, for example, defines a cybersecurity framework as “Identify, Protect, Detect, Respond, Recover.” In short, actual industry best practice is that you accept that even the best programs will experience an incident and…
