Menu
Categories

The Security Dog has Caught the Car: Now What?

Published February 10, 2015 | By Dan Blum

In the tug of war between business units and security, Gunnar Petersen writes: “The security VPs win, quite a lot actually. There is something about a subject that is written about in the Wall St Journal every single day that gets C level and board attention.”

Security architects should take the mandate, and try not to blow this opportunity. Paraphrasing Gunnar:

  • Ask for smart things.
  • Plan around simplicity and scale.
  • Focus on right-sizing governance.
  • Do less and do it better.
  • Integrate systems.

Good advice! I’d also like to suggest not getting arrogant or over-confident. Security mandates are like pendulums – they swing in, but they will swing away. Today’s project champion that got funded to install an expensive new gizmo will be tomorrow’s “dog” seen to have wasted the company’s money.

Put back some of that mandate into supporting processes and tools that promote good security governance, and make sure to develop a good, risk-appropriate business case for all new initiatives.

Speaking of which, we posted the recording of our February 11 Security Governance 101 webinar.

Posted in Dan Blum
Subscribe to Blog Notifications...  HERE
Recent Posts
Search
Categories
Archives
Tags
Active Directory anti-malware APT audit authentication authorization blockchain breach CISO cloud computing cloud security compliance cryptography cyber-insurance cybercrime cybersecurity DLP encryption endpoint security FAIR federated identity governance IAM identity management incident response IoT malware mobile security NIST CSF OAuth PAM personal protection privacy privacy by design privileged access management privileged account management privileged identity management rational cybersecurity risk management RSAC security architecture security governance sharing social login vulnerability management