Some people think agile is about going fast and being unconstrained by processes. That’s part of it, but that aspect alone is also not that far from the definition of anarchy: a state of disorder due to the absence of authority. What agile is really about is being able to make effective decisions, and that […]
A security architecture lesson from 19th century midwestern housewives
Yesterday, I was having a variation of a conversation that I’ve had with loads of security leaders and architects in various parts of the world over the years, and it’s a conversation that centers around how to “find the time” to be more strategic in your security architecture efforts. There’s a couple of things at […]
Don’t be the hungry security puppy
Have you ever been really focused on something, and no matter what you did, you didn’t seem to get any closer to it? I mean, damn it! It’s right…there. But I can’t get it. I mean, I want it. I know I want it, but…nope. Maybe if I just tried this… This scene was pretty much […]
Ever wanted a SABSA vocabulary for the CIS20?
It seems like you can’t swing a cat without bumping into the CIS20 when you talk to people about their security programs. It’s one of the things that comes up far more often than ISO 27000, and even more often than the NIST CSF, but that seems to be changing a little. I have to […]
“Just winging it” is for birds, not your security program
How much of your security control environment has been driven by, basically, “it seemed like there was a gap” or, “it seemed like a good idea” instead of being traceably linked to real business requirements? Now, how many of those controls are the same ones that the user community complains the most about? Hmmm….any correlation? […]