1 post • joined Tuesday 24th February 2009 13:32 GMT
A voice of reason
This is one article that every security professional should read. The reason why security legislation and regulation fails to gain traction is a simple case of failing to understand how the business operates.
We talk about security as a separate activity, but this leads to it being seen as a cancer on business performance, with it eventually encroaching on every activity until it impairs the performance of the business.
Take ISO-27001:2005 for example: it mandates the creation of an Information Security Management System which can (if implemented properly) be used to manage all types of risk (Credit, Health and Safety, Financial etc.) but it rarely does. The PCI-DSS is another example where people are employed (What does a Business Analyst actually provide over a good consultant BTW?) just to understand what the business does, because the security professionals aren't perceived to be able to. PCI-DSS projects, in particular, therefore become focussed on the technology rather than the management of risk surrounding payment card information.
We need to throw the technical-focussed perception off ourselves, and free our minds to actually look towards understanding and supporting business objectives and processes to define appropriate security mechanisms that support the management of risk within the organisation.
The main problem is that all of this is intangible and requires time and effort which many companies don't see the benefit in expending, but the fact is that this is the reason why the credit crunch has happened and we need to use lessons learned to create a new perception about the usefulness of corporate governance.