This “zero trust” thing is really starting to get out of hand. It’s clearly the newest security drug everyone seems to be pimping on every street corner—from vendors to advisors to the media. “Pssst….hey buddy. I know they say you can’t buy it, but…wanna fix?” The reason it’s so important to get these low-class dealers […]
The mad magic of middle-out architecture
You might remember me talking about the 3 different kinds of security architecture you’re really going to need to build – or, more correctly, discover – as part of the process I call architecture archaeology. Two of them are probably pretty-familiar to you, because we tend to use them all the time as either excuses […]
Confessions of a process virgin
I’ll never forget a question that stopped me dead in my tracks early on in my days teaching the official SABSA Foundation course: “But, how are we supposed to figure out what the organization does?” a budding enterprise security architect piped up when we were going through the details of the How column. And it […]
Bite-sized agile security
Turning theory into practice is always tricky—especially when it’s your first time. And with security architecture, the biggest problems you have aren’t really about security architecture at all. They’re about dealing with all the other problems that you have to suddenly stop ignoring if you’re going to change the way security is actually delivered. Because […]
Policy grinder
Polices. Everybody has them, and whether they’re good or bad is actually irrelevant. Because if you want to practice real security architecture in your organization, you’re going to have to eventually bite the bullet and do something with them. If you want to keep them, you have to be able to prove they actually support […]
- « Previous Page
- 1
- …
- 11
- 12
- 13
- 14
- 15
- …
- 29
- Next Page »
