It's been far too long since I contributed! And: I know, I know, here's me hassling loadsa people in the community about not contributing ... then so not done it myself. For months!!!
Must be an age thing. Or might be an age thing ... I can't remember which!
Anyways, here (at least) is one new blog entry.
I thought I'd cover off the thorny issue of 'selling' a security policy to that 'C-level' person in your organisation.
Now I've been around the block so many times - I'm beginning to give pet-names to the cracks in the footpath here.
And the one thing that I've seen as I've sauntered along - over and over again - is sec techs getting all uber-frustrated, and bitter 'n twisted 'cause senior management just won't part with some long green when it comes to ... gasp! ... security?
Such situations most often occur as the result of either this internally- or externally-generated report clearly demonstrating that a visually-impaired driver in a truck 'n trailer unit could find their way through the firewall.
The other day this Senior Architect asked me about the relationship between those more technical aspects of security ... and whatever it is I think I did?
A very good question that - if poorly framed, yeah? Anyways, always ready to prove my superiority over a 'mere' architect, I gave him the following:
'Think of technology as the engine of information security? It has lots of moving parts, thingies going up and down; it's constantly being improved, updated and uprated - and it's always striving to drive information security forward...'
I've been asked by the wonderful people at in2securITy to mentor here about policy and compliance?
Um ... er ... first things first, I reckon, yeah? Just who am I then? I'd best be introducing myself!