1 post • joined 24 Feb 2009
A voice of reason
This is one article that every security professional should read. The reason why security legislation and regulation fails to gain traction is a simple case of failing to understand how the business operates.
We talk about security as a separate activity, but this leads to it being seen as a cancer on business performance, with it eventually encroaching on every activity until it impairs the performance of the business.
Take ISO-27001:2005 for example: it mandates the creation of an Information Security Management System which can (if implemented properly) be used to manage all types of risk (Credit, Health and Safety, Financial etc.) but it rarely does. The PCI-DSS is another example where people are employed (What does a Business Analyst actually provide over a good consultant BTW?) just to understand what the business does, because the security professionals aren't perceived to be able to. PCI-DSS projects in particular therefore become focussed on the technology rather than the management of risk surrounding payment card information.
We need to throw the technical-focussed perception off ourselves, and free our minds to actually look towards understanding and supporting business objectives and processes to define appropriate security mechanisms that support the management of risk within the organisation.
The main problem is that all of this is intangible and requires time and effort which many companies don't see the benefit in expending, but the fact is that this is the reason why the credit crunch has happened and we need to use lessons learned to create a new perception about the usefulness of corporate governance.