Inspiration & Genius – One and the Same

Why security pros fail (and what to do about it) – CSO Online – Security and Risk

Interesting article about the perception of information security, and the attitude of those in the security roles. It even gives ways and means of getting beyond some of the traps, pitfalls and brick walls we hit in not only owning information security, but convincing those above us that it is an important topic to be aware of.

There is a fine line between being the owner of security and being able to get buy-in from executives on the cost, the impact and the necessity of swear words such as policy, process and procedure. More often than not it is seen as a money pit, a necessity that PCI or SOX dictate, and that if we didn’t have those standards, we would not be spending that money. The reality is that this is far from the truth. If we didn’t have those standards we would not have e-commerce. They are there to protect us, which is seen as forcing us into a corner. We need to change that perception to show the reality and we need to justify the security posture in terms of keeping the business operating – to name but one method of getting information into the right hands.

I found the ‘sky is falling’ paragraph somewhat interesting too. In my mind some of that is the passion of the security expert shining through, attempting to protect the business. That energy (which is required to survive information security) gets misconstrued at the non-tech level. One answer is having someone skilled enough between the passionate security guy and the non-technical level who can disseminate the information into exec speak.

The net-net for me is that the information security role is not fully understood by the business, just as the security practitioner does not understand the executive thought process. How the information is handled is going to change the playing field. Without the passion of the people behind it, we wouldn’t be able to do business.

That being said, there are some great ideas on how to deal with some of the more common issues we hit in getting security into the mainstream. It makes for great reading.
