Road trips were not something I was acquainted with in my youth. I recall being in grade school and pleading with my father, "Can we take just one trip in the Oldsmobile like other families do?" My wife however, fondly recalls cross-country road trips during her formative years. Now, with children of our own, we have continued my wife's family tradition of piling into the family vehicle and heading to a new place to discover. When laying out this year's road trip, I began to realize how differently the planning portion of trips has become with teenagers versus younger children. The standard protocol previously required infant seats, special food, and other necessary supplies—oh, and don't forget the toys! Today, the default checklist looks very different. It appears to center around data connectivity and the ability to stream music from a cloud. Sure, food and drink are still included on the planning checklist, but the specificities are much less rigid. I guess you could say, what we accept as our baseline standards for family travel have shifted to align with the current needs of a family with two teenagers.
In the information technology field also, I feel as though I am witnessing a shift in baseline standards — specifically, security-related standards. With the release of the draft Special Publication 800-63B by the National Institute of Standards and Technology (NIST), a shift in strategies for authenticating to digital systems has been laid out for federal systems. After reading the publication, some may reach the conclusion that a number of longstanding security parameters can be eliminated. However, much like my family's road trip needs have changed over time, so too, do organizations’ information security needs change. Sometimes, needed changes are obvious; other times, we need to step back for a moment and evaluate things from a different perspective.
Performing regularly scheduled assessments of your institution's information systems assists the organization in evaluating risk and allows for making adjustments that can align that risk. Wipfli's cybersecurity team keeps up on the latest trends and regulations. Let us assess whether your road trip is on track for a smooth ride.
Rest assured, the family vacation will involve a road trip again this year. However, the question that remains to be answered is, “Who is going to be allowed to make the music playlist?” If only NIST had a guiding document to be used for making that decision—because rock, paper, scissors just doesn’t have the same finality that it once did!