• Strategy
  • Risk
  • Governance
  • Compliance
  • SABSA®
  • Login

Archistry

exceptional performance since 2006

  • Home
  • About
  • Courses
  • Bookstore
  • Glossary
  • Contact
You are here: Home / Archives for Security Policy

May 12, 2020

How to turn 53,426 words of security policy into usable security architecture

Here’s an interesting question for you to think about: What’s the relationship between security policy and security architecture in your organization? I mean, how related and/or connected do you think they are? True story: In one of the organizations I work with, they actually had a fairly good structure and scope to their information security […]

Article by Andrew Townley / Archistry Daily / Agile Security, BESA, Policy Architecture, Policy Engineering, SABSA, Security Policy Leave a Comment

April 12, 2020

How to handle COVID-driven cloud questions

Instead of taking the day off for parades and pubs (especially if you’re in Dublin), this St. Patricks Day may find you faced with a whole new array of cloud security questions driven by the work-from-home directives and necessities of the communities in which you live and work. And, even if things have started to […]

Article by Andrew Townley / Archistry Daily / Agile Security, Cloud Security, Crisis Management, ESLC, Policy Exceptions, Psychology, Security Architecture, Security Policy, Security Skills, Stakeholder Engagement, Stakeholder Relationships Leave a Comment

February 29, 2020

Why you need to become “besties” with policy exceptions

If there’s one thing that I think causes the most conflict between security and “the business”, it’s trying to figure out how to deal with policy exceptions. Now, in some cases, organizations have this pretty well dialed out—but based on my observations, I’m not really sure they truly understand why this is the case. So […]

Article by Andrew Townley / Archistry Daily / Agile Security, BESA, Security Architecture, Security Policy Leave a Comment

January 30, 2020

I said…read the damn policy—or the puppy dies

I get it. I really do. The old saying of “You can lead a horse to water, but you can’t make him drink,” seems to be one of the most frustrating truths in security. I remember on one particular, highlight politicized, multi-vendor public sector project I was on, it was enough to literally make me […]

Article by Andrew Townley / Archistry Daily / Agile Security, BESA, SABSA, Security Architecture, Security Policy, Stakeholder Engagement, Stakeholder Relationships Leave a Comment

September 27, 2019

Wisely wielding the power of organizational mind control

Yesterday, I let you in on one of the biggest secrets of security: that the primary role you have in delivering your mission and purpose of security is creating and maintaining the organizational security policies. Today, I’m going to let you in on the biggest secret of security: You have the power to control the […]

Article by Andrew Townley / Archistry Daily / Agile Security, Policy Engineering, Requirements Engineering, Security Policy Leave a Comment

  • 1
  • 2
  • Next Page »
  • Email
  • LinkedIn
  • Twitter
  • YouTube

EMAIL NEWSLETTER

Want to get DAILY email tips on how to build a more effective security program so you can prove your security investments deliver value to the business?

You can always unsubscribe at any time, and we won't sell your data to third parties.

About Us

Archistry works with you to ensure what you want to achieve actually gets done, linking strategy, risk, governance and compliance to enable sustained exceptional performance Read More…

Testimonials

Andrew is a highly skilled and experienced information systems architect and consultant, which in my view is a rare thing. He is innovative in his thinking and merits the title of 'thought leader' in his specialist domains of knowledge—in particular the management of risk. Andrew has embraced SABSA as a framework and, in doing so, has been a significant contributor to extending the SABSA body of knowledge."

— John Sherwood, Chief SABSA Architect

"Fabulous person to work with. Very engaging and insightful. Extremely good technical knowledge with ability to relate concepts together and overcome differing opinions. Makes things work."

— Kevin Howe-Patterson, Chief Architect, Nortel - Wireless Data Services

"Andrew was able to bring clarity and great depth of knowledge to the table. His breadth of thinking and understanding of the business and technical issues along with a clear and effective communication style were of great benefit in moving the process forward towards a successful conclusion."

— Doug Reynolds, Product Manager, MobileAware

"Andrew is a fabulous consultant and presenter that you simply enjoy listening to, as he manages to develop highly sophisticated subjects in very understandable way. His experience is actually surprising and his thoughts leave you without considerable arguments for any doubts in the subjects he covers."

— Biljana Cerin, Director, Information Security and Compliance

Recent Posts

  • The real difference between architecture and engineering
  • The myth of the isolated project
  • The boneyard of failed architecture initiatives
  • To re-architect or not to re-architect your security controls
  • Afraid up-skilling your security team will train them for their next job?

Looking for something else?

Archistry

Practice Areas

  • Strategy
  • Risk Management
  • Corporate Governance
  • Compliance
  • SABSA®
  • Home
  • About
  • Courses
  • Bookstore
  • Glossary
  • Contact

  • Terms of Service
  • Privacy Policy
  • Cookie Policy
  • Copyright © 2006-2023 Archistry Incorporated or its affiliates

"Archistry", the stained glass window logo, "Pragmantix" and the Pragmantix™ logo, "Archistry Execution Framework (AEF)", "Archistry Execution Framework, Cybersecurity Edition (ACS)", "The Agile Security System", "The Agile Business System", "Baseline Perspectives", "Architecture Wall" and "Archistry Execution Engine" are trademarks of Archistry Limited.