The 12 Steps of Cyber Security (with apologies to any actual 12 step program that helps people)


  1. We admitted that we were powerless over our apps and servers, that our users had become unmanageable.
  2. Came to believe that experts could improve our security posture.
  3. Made a decision to write policies and procedures, and to enforce them.
  4. Made a searching and fearless inventory of our critical assets.
  5. Admitted, through pie charts, that we had many vulnerabilities.
  6. Were entirely ready to mitigate any vulnerabilities we found.
  7. Humbly asked upper management for the resources to plug these vulnerabilities.
  8. Made a list of the asset custodians.
  9. Mitigated as many vulnerabilities as possible, except when the mitigation would be more costly than a breach.
  10. Continued monitoring vendor bulletins and other sources for new vulnerabilities.
  11. Sought out other experts, asked them to attempt to penetrate our systems, and benchmarked their security against ours.
  12. Having seen the light as a result of these pen-tests and benchmarks, we carried the message back to upper management and to all members of our organization.
