This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners sound off on key information security issues."
Download it now to read this article plus other related content.
security for the masses
Security cannot be a discipline unto itself; it must serve all entities in the
Sensing that the particular moment wasn't right for a speech on security philosophy, I quipped, "You know, it wasn't a problem because the lasers didn't activate." This drew hearty laughs.
This anecdote illustrates a commonly held belief that security is not a meta-discipline that serves all walks of enterprise life, but rather that "security is what security people do." Lay people, i.e., those who aren't full-time security pros, tend to think about security to the extent that security people bug them about it. Security is a bunch of paranoids creating ridiculous things with lasers and so forth, while the business moves along on its own.
This was first published in October 2008