I’m sure you’ve been at a social gathering enjoying a good conversation when someone asks you: “So what do you do?” It’s frustrating sometimes to explain in layman’s terms what we do as information security professionals. On top of that, it seems like everyone in the industry has his or her own way of defining even the most commonly used terminology, such as information security, risk management and regulatory compliance. There are various approaches that can help you better explain to others (including your mom) what you do on a daily basis:
Go to NIST, SANS or any other authoritative source and regurgitate something like this:
Send them to this site by Javvad Malik, who is always creating entertaining and educational videos. Here are a few of my favorite ones:
Defining risk management and the concepts of mitigation, avoidance, acceptance and transfer.
Compliance vs. Security
Explaining the differences between compliance and security and the danger of thinking they’re the same.
It’s Friday and we all need a little humor in our lives, so enjoy! See you soon!
Angry frustrated man image via Shutterstock