Rules Before Tools: The Importance of Establishing a Strong Foundation for Cybersecurity

Author: Sean Lee, CISSP, Managing Director

July 20, 2023

In June, the Oregon Department of Motor Vehicles (DMV) announced that a widespread data breach had compromised 3.5 million driver’s license and identification card files. (You can read the details in the article.)

The hack has placed the state’s school districts and higher education institutions that rely on interconnected systems on high alert, prompting a flurry of activity aimed at preventing a similar scenario. 

As is often the case, a knee-jerk reaction isn’t the best reaction. Far too often, the response to these prominent threats is to jump immediately to the newest shiny tool. And far too often, the outcome is a shiny piece of bloatware: first, because the organization doesn’t have the resources to properly use that new tool; second, because the decision is reactionary and not based on an established risk management methodology.

Adding more tools isn’t the answer to better security. Establishing sound fundamentals is the best strategy.

Just as you can’t build the walls of a house until the foundation is in place, sound cybersecurity needs something solid to build on. Working from the ground up allows you to be proactive rather than reactive in orchestrating defense-in-depth that can effectively secure your assets and meet compliance obligations today – and scale to support future growth and address evolving threats. 

The good news is that it’s never too late to gain a solid cybersecurity footing. 

Adding shiny new widgets won’t magically defend you. A more effective course of action is to develop, implement, and maintain a comprehensive information security program. Critically, that program should contain administrative, technical, and physical safeguards that are appropriate to your organization’s size and complexity, the nature and scope of your activities, and the sensitivity of your customer information. 

If you don’t have a team of skilled resources internally, get outside help. A reputable, experienced team of cybersecurity experts can guide you in establishing the key components of a comprehensive and integrated cybersecurity program. 

No, it’s not a quick fix. But a “rules before tools” approach to cybersecurity is undeniably effective. It sets the foundation for protection you can rely on when you need it most – removing the need to respond blindly. 

So, as you’re contemplating your next cybersecurity decision, resist the temptation of the latest gadget. Establishing the fundamentals for a sound cybersecurity program is the only reliable path to better security. 


Need help establishing the fundamentals of your cybersecurity program? Summit InfoSec Program services will guide you on the path to better security.
