On a recent call, one of the smartest technical folks I can name said something that made me reach for a notepad, to take the idea down for further development later. He was talking about why some of the systems enterprises believe are secure really aren't, even if they've managed to avoid some of the key issues.
Let me explain this a little deeper, because this thought merits such a discussion.
Down the Security Rabbithole, The Blog
This is a collection of my thoughts and ideas, and anything expressed here is unrelated to anything in real life and does not represent opinions of clients, employers or colleagues. If it feels a little bit like stream-of-consciousness, it probably is.
Wednesday, September 24, 2014
Friday, September 5, 2014
Managing Security in a Highly Decentralized Business Model
Information Security leadership has and will likely continue to be part politicking, part sales, part marketing, and part security. As anyone who has been a security leader or CISO in their job history can attest to, issuing edicts to the business is as easy as it is fruitless- Getting positive results in all but the most strictly regulated environments is nearly impossible. In high centralized organizations, at least, the CISO stands a chance since the organization likely has common goals, processes, and capital spending models. When you get to an organization that operates in a highly distributed and decentralized manner the task of keeping security pace grows to epic proportions.
Subscribe to:
Posts (Atom)