How flexible should your infosec model be?
Security is a top priority at the Bank of Labor, but the financial institution updates its formal information security policy only once a year, maybe twice, regardless of what’s happening in the ever-changing threat landscape.
That’s not to say that the union bank ignores emerging threats such as new malware variants or phishing schemes, says Shaun Miller, the bank’s information security officer. On the contrary, the organization, which has seven branches in the Kansas City, Kan., area plus an office in Washington, routinely tweaks its firewalls and intrusion-protection systems in response to new and active threats. To avoid fatiguing its 120 users, however, it refrains from formalizing new policies more frequently.