{"id":231,"date":"2015-05-29T20:21:00","date_gmt":"2015-05-29T20:21:00","guid":{"rendered":"https:\/\/belayclientstaging.zone\/securityeverafter\/2015\/05\/29\/trust-but-verify\/"},"modified":"2023-02-22T10:47:29","modified_gmt":"2023-02-22T15:47:29","slug":"trust-but-verify-2","status":"publish","type":"post","link":"https:\/\/securityeverafter.com\/trust-but-verify-2\/","title":{"rendered":"Trust But Verify"},"content":{"rendered":"<h1>Trust But Verify<\/h1>\n<div style=\"background-color: white; color: #222222; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, sans-serif; font-size: 13.6000003814697px; line-height: 19.0400009155273px; margin: 0px; overflow: auto; padding: 0px; width: 420px; word-wrap: break-word;\">Be intentional about how you spend your time. I believe that every person can incrementally improve their security program by being intentional about how they spend their time. One method is to check several items for compliance every month intentionally. While not intended to replace the value of an auditor, this approach can generate incremental value from the overall compliance process.<\/div>\n<div><\/div>\n<div style=\"background-color: white; color: #222222; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, sans-serif; font-size: 13.6000003814697px; line-height: 19.0400009155273px; margin: 0px; overflow: auto; padding: 0px; width: 420px; word-wrap: break-word;\">If you have the requirement to comply with PCI, you are in luck! You could easily create a table that pairs one of the 12 categories with one of the 12 months in a calendar year. Inside each month, you could list several essential items to verify. When printed out and kept nearby, it can serve as a reminder to track progress over time diligently. Compare this table year over year and look for trends that will help identify the sometimes small areas to focus on that can make a significant impact.<\/div>\n<div style=\"background-color: white; color: #222222; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, sans-serif; font-size: 13.6000003814697px; line-height: 19.0400009155273px; margin: 0px; overflow: auto; padding: 0px; width: 420px; word-wrap: break-word;\"><\/div>\n<div style=\"background-color: white; color: #222222; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, sans-serif; font-size: 13.6000003814697px; line-height: 19.0400009155273px; margin: 0px; overflow: auto; padding: 0px; width: 420px; word-wrap: break-word;\">I have used this approach to expect more of myself and set the bar a bit higher. I successfully showed this matrix to outside auditors and received positive feedback. Nothing was magic about this table; it forced me to be intentional every month.<\/div>\n<div><\/div>\n<div style=\"background-color: white; color: #222222; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, sans-serif; font-size: 13.6000003814697px; line-height: 19.0400009155273px; margin: 0px; overflow: auto; padding: 0px; width: 420px; word-wrap: break-word;\">This approach can identify and remediate unexpected \u201ccompliance drift\u201d more quickly. This approach can be used inside several of the regulatory compliance requirements. If you do not have one, ask friends and colleagues who do to learn what they find beneficial in their respective environments. As always, a great place to start is with the <a style=\"color: #006699;\" href=\"http:\/\/www.sans.org\/critical-security-controls\/\">20 Security Controls<\/a>.<\/div>\n<div style=\"background-color: white; color: #222222; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, sans-serif; font-size: 13.6000003814697px; line-height: 19.0400009155273px; margin: 0px; overflow: auto; padding: 0px; width: 420px; word-wrap: break-word;\"><\/div>\n<div style=\"background-color: white; color: #222222; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, sans-serif; font-size: 13.6000003814697px; line-height: 19.0400009155273px; margin: 0px; overflow: auto; padding: 0px; width: 420px; word-wrap: break-word;\">Can you make it easier on yourself to do the right thing by being intentional? I believe it is possible to leverage systems like this to make it easier to do the right thing.<\/div>\n<div style=\"background-color: white; color: #222222; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, sans-serif; font-size: 13.6000003814697px; line-height: 19.0400009155273px; margin: 0px; overflow: auto; padding: 0px; width: 420px; word-wrap: break-word;\"><\/div>\n<div style=\"background-color: white; color: #222222; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, sans-serif; font-size: 13.6000003814697px; line-height: 19.0400009155273px; margin: 0px; overflow: auto; padding: 0px; width: 420px; word-wrap: break-word;\">What systems do you use to force you to be intentional? Please use the comments section to share what works for you.<\/div>\n<div><\/div>\n<div>I recently posted this on the\u00a0<a href=\"https:\/\/isc.sans.edu\/\">SANS Internet Storm Center<\/a>.<\/div>\n<div style=\"background-color: white; color: #222222; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, sans-serif; font-size: 13.6000003814697px; line-height: 19.0400009155273px; margin: 0px; overflow: auto; padding: 0px; width: 420px; word-wrap: break-word;\">\n<div>\n<p class=\"p3\"><a href=\"https:\/\/www.securityeverafter.com\/community\">Subscribe<span class=\"Apple-converted-space\"> t<\/span>o our email list<\/a> to get more cybersecurity content delivered to your Inbox!<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Trust But Verify Be intentional about how you spend your time. I believe that every person can incrementally improve their security program by being intentional about how they spend their time. One method is to check several items for compliance every month intentionally. While not intended to replace the value of an auditor, this approach [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[7,21,22],"tags":[],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Trust But Verify - Security Ever After - vCISO<\/title>\n<meta name=\"description\" content=\"Trust But Verify\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/securityeverafter.com\/trust-but-verify-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Trust But Verify - Security Ever After - vCISO\" \/>\n<meta property=\"og:description\" content=\"Trust But Verify\" \/>\n<meta property=\"og:url\" content=\"https:\/\/securityeverafter.com\/trust-but-verify-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Ever After - vCISO\" \/>\n<meta property=\"article:published_time\" content=\"2015-05-29T20:21:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-02-22T15:47:29+00:00\" \/>\n<meta name=\"author\" content=\"Russell\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@russelleubanks\" \/>\n<meta name=\"twitter:site\" content=\"@russelleubanks\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Russell\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/securityeverafter.com\/trust-but-verify-2\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/securityeverafter.com\/trust-but-verify-2\/\"},\"author\":{\"name\":\"Russell\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3\"},\"headline\":\"Trust But Verify\",\"datePublished\":\"2015-05-29T20:21:00+00:00\",\"dateModified\":\"2023-02-22T15:47:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/securityeverafter.com\/trust-but-verify-2\/\"},\"wordCount\":337,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\/\/securityeverafter.com\/#organization\"},\"articleSection\":[\"Leadership\",\"Operational Security\",\"SANS Top 20 Controls\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/securityeverafter.com\/trust-but-verify-2\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/securityeverafter.com\/trust-but-verify-2\/\",\"url\":\"https:\/\/securityeverafter.com\/trust-but-verify-2\/\",\"name\":\"Trust But Verify - Security Ever After - vCISO\",\"isPartOf\":{\"@id\":\"https:\/\/securityeverafter.com\/#website\"},\"datePublished\":\"2015-05-29T20:21:00+00:00\",\"dateModified\":\"2023-02-22T15:47:29+00:00\",\"description\":\"Trust But Verify\",\"breadcrumb\":{\"@id\":\"https:\/\/securityeverafter.com\/trust-but-verify-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/securityeverafter.com\/trust-but-verify-2\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/securityeverafter.com\/trust-but-verify-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/securityeverafter.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trust But Verify\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/securityeverafter.com\/#website\",\"url\":\"https:\/\/securityeverafter.com\/\",\"name\":\"Security Ever After - CISO\",\"description\":\"vCISO\",\"publisher\":{\"@id\":\"https:\/\/securityeverafter.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/securityeverafter.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/securityeverafter.com\/#organization\",\"name\":\"Security Ever After\",\"url\":\"https:\/\/securityeverafter.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1\",\"width\":1169,\"height\":826,\"caption\":\"Security Ever After\"},\"image\":{\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/russelleubanks\",\"https:\/\/www.linkedin.com\/in\/russelleubanks\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3\",\"name\":\"Russell\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg\",\"caption\":\"Russell\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Trust But Verify - Security Ever After - vCISO","description":"Trust But Verify","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/securityeverafter.com\/trust-but-verify-2\/","og_locale":"en_US","og_type":"article","og_title":"Trust But Verify - Security Ever After - vCISO","og_description":"Trust But Verify","og_url":"https:\/\/securityeverafter.com\/trust-but-verify-2\/","og_site_name":"Security Ever After - vCISO","article_published_time":"2015-05-29T20:21:00+00:00","article_modified_time":"2023-02-22T15:47:29+00:00","author":"Russell","twitter_card":"summary_large_image","twitter_creator":"@russelleubanks","twitter_site":"@russelleubanks","twitter_misc":{"Written by":"Russell","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/securityeverafter.com\/trust-but-verify-2\/#article","isPartOf":{"@id":"https:\/\/securityeverafter.com\/trust-but-verify-2\/"},"author":{"name":"Russell","@id":"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3"},"headline":"Trust But Verify","datePublished":"2015-05-29T20:21:00+00:00","dateModified":"2023-02-22T15:47:29+00:00","mainEntityOfPage":{"@id":"https:\/\/securityeverafter.com\/trust-but-verify-2\/"},"wordCount":337,"commentCount":1,"publisher":{"@id":"https:\/\/securityeverafter.com\/#organization"},"articleSection":["Leadership","Operational Security","SANS Top 20 Controls"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/securityeverafter.com\/trust-but-verify-2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/securityeverafter.com\/trust-but-verify-2\/","url":"https:\/\/securityeverafter.com\/trust-but-verify-2\/","name":"Trust But Verify - Security Ever After - vCISO","isPartOf":{"@id":"https:\/\/securityeverafter.com\/#website"},"datePublished":"2015-05-29T20:21:00+00:00","dateModified":"2023-02-22T15:47:29+00:00","description":"Trust But Verify","breadcrumb":{"@id":"https:\/\/securityeverafter.com\/trust-but-verify-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/securityeverafter.com\/trust-but-verify-2\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/securityeverafter.com\/trust-but-verify-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/securityeverafter.com\/"},{"@type":"ListItem","position":2,"name":"Trust But Verify"}]},{"@type":"WebSite","@id":"https:\/\/securityeverafter.com\/#website","url":"https:\/\/securityeverafter.com\/","name":"Security Ever After - CISO","description":"vCISO","publisher":{"@id":"https:\/\/securityeverafter.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/securityeverafter.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/securityeverafter.com\/#organization","name":"Security Ever After","url":"https:\/\/securityeverafter.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1","contentUrl":"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1","width":1169,"height":826,"caption":"Security Ever After"},"image":{"@id":"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/russelleubanks","https:\/\/www.linkedin.com\/in\/russelleubanks\/"]},{"@type":"Person","@id":"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3","name":"Russell","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/securityeverafter.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg","caption":"Russell"}}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/posts\/231"}],"collection":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/comments?post=231"}],"version-history":[{"count":4,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/posts\/231\/revisions"}],"predecessor-version":[{"id":1703,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/posts\/231\/revisions\/1703"}],"wp:attachment":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/media?parent=231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/categories?post=231"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/tags?post=231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}