Here’s an interesting question for you to think about: What’s the relationship between security policy and security architecture in your organization? I mean, how related and/or connected do you think they are? True story: In one of the organizations I work with, they actually had a fairly good structure and scope to their information security […]
How to handle COVID-driven cloud questions
Instead of taking the day off for parades and pubs (especially if you’re in Dublin), this St. Patrick’s Day may find you faced with a whole new array of cloud security questions driven by the work-from-home directives and necessities of the communities in which you live and work. And, even if things have started to […]
Why you need to become “besties” with policy exceptions
If there’s one thing that I think causes the most conflict between security and “the business”, it’s trying to figure out how to deal with policy exceptions. Now, in some cases, organizations have this pretty well dialed out—but based on my observations, I’m not really sure they truly understand why this is the case. So […]
I said…read the damn policy—or the puppy dies
I get it. I really do. The old saying of “You can lead a horse to water, but you can’t make him drink,” seems to be one of the most frustrating truths in security. I remember on one particular, highly politicized, multi-vendor public sector project I was on, it was enough to literally make me […]
Wisely wielding the power of organizational mind control
Yesterday, I let you in on one of the biggest secrets of security: that the primary role you have in delivering your mission and purpose of security is creating and maintaining the organizational security policies. Today, I’m going to let you in on the biggest secret of security: You have the power to control the […]