Here’s an interesting question for you to think about: What’s the relationship between security policy and security architecture in your organization? I mean, how related and/or connected do you think they are? True story: In one of the organizations I work with, they actually had a fairly good structure and scope to their information security […]
The two key dimensions of Agile Security
Some people think agile is about going fast and being unconstrained by processes. That’s part of it, but that aspect alone is also not that far from the definition of anarchy: a state of disorder due to the absence of authority. What agile is really about is being able to make effective decisions, and that […]
Do you really want security making business decisions?
This was a topic that came up during one of today’s sessions at COSAC. Originally, it was about software developers making business decisions because they weren’t aware of (or chose to ignore) key business or legal requirements when they were actually implementing the software that runs the business. Now there are a lot of issues with this, […]
Hell, no! I don’t care about your security policies!
Ever get the feeling that this is really what your business and IT customers are saying to you whenever you’re sitting in that last-minute security review and you catch them in violation of the security policies you know have been published for at least 6 months—and which they’ve had to go through (probably mind-numbing) mandatory […]
Wisely wielding the power of organizational mind control
Yesterday, I let you in on one of the biggest secrets of security: that the primary role you have in delivering your mission and purpose of security is creating and maintaining the organizational security policies. Today, I’m going to let you in on the biggest secret of security: You have the power to control the […]