Here’s an interesting question for you to think about: What’s the relationship between security policy and security architecture in your organization? I mean, how related and/or connected do you think they are? True story: In one of the organizations I work with, they actually had a fairly good structure and scope to their information security […]
How’s your hope/commitment ratio looking today?
I swear in the last 5 days, I must’ve seen either direct or indirect references to the Stockdale Paradox that I spoke to you about some 15 days ago more than a dozen times. So, I figured it’d be worth saying something about it once more since the general sentiment seems to be on people’s […]
When your security architecture gets sucker-punched
Yesterday, I mentioned going through all those reference architects and architecture examples. And another thing I found was something else I really don’t like: The assumption that control library deployments are all the “security architecture” you really need. Obviously, if you’ve been around for long enough, you know this is true. Control libraries are…well, they’re […]
Security architecture confusion
I’ve been looking at a lot of “security architecture” recently, including some live, organizational architectures, some “off the cuff” things that I’d call security architecture “sketches”, and some formalized, published reference architecture models. And it hit me when I was taking a break, sitting in the fleeting sunshine this afternoon and listening to some Jimi […]
Why “security” may only be doing part of the job
One of the biggest problems in security that comes up over and over again is trying to demonstrate the value of what we do. After all, to the majority of the people, we’re just a cost center. As the old saying goes, they’re giving us money… so that nothing bad happens. As I’ve alluded to […]