Friday, March 14, 2008

More from Securiosis...

While Rich was away he brought in David Mortman who wrote this gem.

I think he hits the nail on the head and together with the article I linked to in my previous post, this is the future of Information Security.

I believe the take-away quote is this:

"However, compliance is not a technology problem — it’s a business problem which needs a business solution. By instituting sustainable business processes that effectively leverage people and technology, enterprises will become not just more secure but also compliant with current and emerging regulations."

I think that everyone involved in Information Security should read that, understand it and learn it off by heart. And then practice it.

Once we can define a process and what information is used in it, who does it and when it happens - bingo - we can secure the process from start to finish. Most companies I have worked in (and I have worked in plenty) have no formal process design and so would not be able to properly enforce Information Security properly.
Post a Comment