PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
September 2003

The four P's of information security success

Security maven Bruce Schneier is famous for saying, "Security is not a product; it's a process." He's correct, but only partially. Security is about four "P's": People, Policy, Process and Product. Doesn't matter if you plop down $300,000 for the world's best firewall; it's just another bump on the wire without a governing security policy and fully cooked process for configuration and administration. Each security professional must address all four P's, though not in equal parts. CISOs spend a lot more time on people and policy issues, while security admins focus on process and product. If you had to pick, which "P" would you say is most instrumental to security? You might argue for policy; perhaps you'd say product. It's neither. People are what make or break your security program at each layer of your organization. For security to succeed, executive management must drive a culture of individual security accountability. For security to succeed, infosecurity managers must counsel their higher-ups and guide smart policy decisions...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

Columns in this issue