Information Security Blog

What McDonald’s Can Teach Us About Information Security

I spoke this week at an event where I was discussing how globalization is impacting information security and used the McDonald’s at the Louvre in Paris as a very sad example of how we are unfortunately losing our regional cultures. On the plus side, that same McDonald’s and the 31,000 other McDonald’s around the world can teach us a lot about information security.

As a person who enjoys dining and tries to eat healthy, I’m not a really big fan of eating at McDonald’s. That being said, I’m amazed by any company that can feed 47,000,000 (that’s million!) people per day in 31,000 restaurants across 120 countries and have their dining experiences all be so remarkably consistent. When you consider the cultural differences, supply chain logistics, and the fact that over 1,500,000 employees are involved in the process … it’s a remarkable feat (especially when you consider that the vast majority of their employees don’t have a lot of education). How do they do it?

McDonald’s has developed nearly flawless, continuously improving systems for EVERYTHING. How burgers are cooked, the way the combo meals are packaged, the ratio of ice to soda in each cup: nothing is left to chance. They have identified every process that could be systematized and then created, documented, implemented, and continuously improved each of those systems. So what does this have to do with information security? Everything.

We would all significantly benefit from developing an Information Security “playbook”, like the one McDonald’s has for its business, that defines the “system” we need to put in place and the information security processes we need to operate and optimize. Fortunately, the basic framework already exists: ISO-27001. It’s an Information Security Management System supported by ~134 key processes (ISO-27002) that an organization needs to account for when securing its information and critical processes. Better yet, it’s a system that has already been vetted by thousands of organizations.

So the next time you are struggling with the challenges of knowing you’re secure and proving you’re compliant … think about McDonald’s. Is your challenge more daunting than serving 47,000,000 people every day in 31,000 restaurants in 120 countries?

About the Author:

John Verry, CISA, 27001 Certified Lead Auditor, CCSE, CRISC - "Security Sherpa" - Information Security Auditor