Two nuggets of Wisdom
One of the other authors of Visible Ops Security recently sent the following two nuggets of wisdom while sitting in an airport, and they resonate with me more than ever:
"1. Sustainable information security is not possible by executive mandate alone. Information Security must integrate with other functional groups to mutually achieve business objectives.
2. In the same regards that only Nixon could go to China, information security must take the initiative to reach out to these groups, integrate into their daily operations and enable them to achieve their objectives while information security achieves their own."
Thanks to George Spafford for these great insights.
Visible Ops Security discusses these things in depth, but they are important enough to draw out separately. If we approach security as a service, with customers that need attention, we can replace the historical stereotype of the Information Security group as one that stops things on a whim with that of a business-integrated function. Security cannot succeed long term if it is based on a mandate, as that is only effective as long as the person mandating it is in power and only as long as security is a primary consideration. If you integrate security into business processes, you have a much longer-term solution.
On another note, the three authors of Visible Ops Security were at RSA signing books. It was wonderful to meet other security practitioners (thanks to those of you who stopped by.)