Information Security Magazine


Security 7 Award winners tackle important information security issues
Issue: Oct 2008

security for the masses
Primary Care by Michael Mucha

A lot of this is the fault of security professionals. Far too many of us see security as an end unto itself. Many don't realize that simply finding a policy violation does not equal success. It's no wonder those outside of security often treat security as some weird realm to be entered at your peril. This attitude places an upper limit on meeting security requirements, because security activities are generally viewed somewhere between necessary evil and unnatural act. The security team walks into meetings with the de facto goal of serving as a random requirements generator lobbing overhead onto the project, rather than consciously moving the business forward by solving problems using a specialist's toolkit.

Some people, when given a hammer, would rather hit someone with it instead of using it to build a house.

In our corner of the enterprise world, the security team is composed of Security Conscious Problem Solvers (credit my enterprise security architects Bryan McDowell and Barbara Vibbert for this phrase). We're here to solve business problems, and recognize that when your eye is on the ball of customer satisfaction, revenue, scalability, connectivity, etc., you can miss out on the need to cover security requirements as well. Security work needs to promote business needs, not just implement some set of rules that looked good in the abstract when someone wrote them down. The intent of the rules needs to be understood. The rules need to be clear and repeatable as much as possible.

The security team always needs to be open to the possibility that the rules are wrong and need to be changed. That's harder than saying "No" formulaically, but it's sustainable in the long run.


btw...

not so twitter-iFIC
"It's a service to subscribe to interruptions."

ipods are for...
"Most of the time, it's iTunes U, tech and science podcasts. Duguid's History of Information class at Berkeley is an eye opener."

cross-country devotion
Favorite sports franchise: University of Miami Hurricanes

just plain folk
If there's still room on his iPod, chances are there are a few Neutral Milk Hotel tunes to be found.