the State of Security
Explaining Information Security, Risk and Compliance to Your Mom

by Cindy Valladares on February 17, 2012

I’m sure you’ve been at a social party enjoying a good conversation when someone asks you: “So what do you do?” It’s sometimes frustrating to explain in layman’s terms what we do as information security professionals. On top of that, it seems like everyone in the industry has his or her own way of defining even the most commonly used terminology, such as information security, risk management and regulatory compliance. There are various approaches to help you better explain to others (including your mom) what you do on a daily basis:

Option #1

Go to NIST, SANS or any other authoritative source and regurgitate something like this:

Option #2

Send them to this site by Javvad Malik, who is always creating entertaining and educational videos. Here are a few of my favorite ones:

Risk Management

Defining risk management and the concepts of mitigation, avoidance, acceptance and transfer.

Compliance vs. Security

Explaining the differences between compliance and security and the danger of thinking they’re the same.

It’s Friday and we all need a little humor in our lives, so enjoy! Hasta pronto!

@cindyv

 Angry frustrated man image via Shutterstock

Official job title: Product Marketing Manager. Other passions and responsibilities at Tripwire: Social Media Strategist. What I love about Tripwire: Working with an energetic, collaborative and fantastic team who develop, market and sell kick-ass products. Motto to work by: NIHITO (nothing interesting happens in the office) – now you know why I crave engagement and networking with all of you!


  • khan

    While I like this post a lot, I think option 1 would give my mom a mini stroke! :)