Rasing your security bar
Here is a nicely written article with a lot of common sense suggestions for frustrated security proffessionals as to how to get security embedded in their organisation.
There's a tendency sometimes to assume a "security by obscurity" posture and forget or minimize perceived risk. Why? Well, for a number of reasons:
There's a tendency sometimes to assume a "security by obscurity" posture and forget or minimize perceived risk. Why? Well, for a number of reasons:
- Security isn't a priority: With deadlines and commitments, who has time to think about security?
- Neglect: We haven't had a problem up to now, so we shouldn't have one in the future.
- Culture: The boss doesn't care; why should I?
- False sense of security: We're using Windows and keeping upgraded; it works at home, so what's the problem?
- The unknown: Not sure of what we've got and how it works, but since it works, don't mess with it.
The list can go on and on. These are the things that keep CIOs and security managers awake at night. Combined with the lack of awareness by the CEO, the board or other executive officers, building a budget case that includes risk mitigation (let alone justifying it) is extremely difficult. Oh, and by the way, these are clear signs that IT is marginalized in your organization.
All is not lost. This article contains a list of activities that, if used effectively, can assist security personnel in turning things around and begin getting security woven into the fabric of the organization
posted by Dwaine at 5/16/2005
0 Comments:
Post a Comment
<< Home