
Security 7 Award winners tackle important information security issues


This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners sound off on key information security issues."


 

security for the masses
Primary Care by Michael Mucha
 

A lot of this is the fault of security professionals. Far too many of us see security as an end unto itself. Many don't realize that simply finding a policy violation does not equal success. It's no wonder those outside of security often treat security as some weird realm to be entered at your peril. This attitude places an upper limit on meeting security requirements, because security activities are generally viewed somewhere between necessary evil and unnatural act. The security team walks into meetings with the de facto goal of serving as a random requirements generator lobbing overhead onto the project, rather than consciously moving the business forward by solving problems using a specialist's toolkit.

Some people, when given a hammer, would rather hit someone with it instead of using it to build a house.

In our corner of the enterprise world, the security team is composed of Security Conscious Problem Solvers (credit my enterprise security architects Bryan McDowell and Barbara Vibbert for this phrase). We're here to solve business problems, and recognize that when your eye is on the ball of customer satisfaction, revenue, scalability, connectivity, etc., you can miss out on the need to cover security requirements as well. Security work needs to promote business needs, not just implement some set of rules that looked good in the abstract when someone wrote them down. The intent of the rules needs to be understood. The rules need to be clear and repeatable as much as possible.

The security team always needs to be open to the possibility that the rules are wrong and need to be changed. That's harder than saying "No" formulaically, but it's sustainable in the long run.


btw...

not so twitter-iFIC
"It's a service to subscribe to interruptions."

ipods are for...
"Most of the time, it's iTunes U, tech and science podcasts. Duguid's History of Information class at Berkeley is an eye opener."

cross-country devotion
Favorite sports franchise: University of Miami Hurricanes

just plain folk
If there's still room on his iPod, chances are there are a few Neutral Milk Hotel tunes to be found.

This was first published in October 2008
