QOTD on Security & The Board

The challenge faced by many security professionals today is not that technology is less secure than in the past; it’s more that it’s being implemented without sufficient due diligence. This may be because traditional security practice is perceived as being too slow and onerous, and organisations are actively deciding they don’t want to miss the boat and are prepared to take the risk. Or, it may be because senior business managers are being ignorant and in denial of their responsibilities. The fact is that if something goes wrong, the consequences have to be dealt with by business people, not the techies. But do your senior business execs really understand the extent to which they are responsible for the information held by your organisation?
[...]
If we insist on starting with technology, we will always be running after the curve. But at least if we start with people and process, and remember this is fundamentally about the information businesses use on a day-to-day basis, we give ourselves an anchor point to which we can return whenever things change.
-- Jon Collins, Freeform Dynamics analyst
Src: Security: Get the board on board - 27 Apr 2010 - Computing
