Information Security Blog

The Speed of Trust

If you like business books, “The Speed of Trust” by Stephen Covey (no not that Stephen Covey — it’s actually his son), is worth reading. In it he proffers a very simple, but profound, premise — that trust is a business lubricant — one that improves the effectiveness and efficiency of business relationships.

As an example, he recounts Warren Buffet executing a multi-billion dollar purchase of a company, over a few-hour period, as he had absolute trust in the CEO. His due diligence was reduced to a lunch meeting (no teams of lawyers and accountants spending months poring over financial statements and legal documents).

It really rang home this week when we expended more sales & marketing effort in securing a $2K external penetration test for a small bank, than we did securing a $70K security “Certification & Accreditation” project for a major governmental entity.

The difference, we have earned the governmental entities trust over a multi year period by consistently demonstrating character and competence while successfully executed on critical projects , it was the first time we had spoken to the bank.

One of the exciting assertions that Covey makes is that Trust is not a soft ephemeral entity, rather it is something tangible, that can be earned by consistent trust earning behaviors that he details. As a company that needs to be intrinsically trusted to perform the assessments we do, and whose job it is to provide management with assurance that the systems we are assessing are trust-worthy, his research in this area is of remarkable interest to us.

Trust is especially critical for us, as the level of assurance we provide is directly proportional to the trust our clients have in us. Accordingly, we have made a number of changes in the way that we operate to ensure that we are as demonstrably trustworthy as we aspire our customers systems to be.

How trust-worthy are you, your company, your vendors, your partners? How much is it costing you? The answer may surprise you.

Free Download: A Best Practices Guide to Database Security

Because data is only as secure as the systems & processes it relies on – a holistic approach to data security is essential. This roadmap is not meant to be exhaustive but rather to stimulate the necessary thought process to put you on the path to good data security.

Download: Information Security Attestation Guide

A Best-Practices Guide to Information Security Attestation

Download our proven Information Security Guide to simplify the process of protecting your data, proving you’re secure and growing your business.

Free Whitepaper: Stop Wasting Money on Penetration Testing

Penetration Testing is most frequently performed to:

Substantiate the net effectiveness of a mature control environment
Prove to a third party that an environment is secure/trustworthy
Quickly assess the security of a less mature control environment (in a sense a technical risk assessment)
To validate that significant changes did not have unanticipated results

Best Practices for Firing A Network Security Administrator

Want to know how to fire a Network Admin? Need to know what precautions to take? Firing any employee can be a stressful event. Firing one who has significant knowledge of and privileged access to your Information Technology/Security infrastructure is even more stressful, as the risks are so notable.