Policy's blog

How to Sell ... Policy

Okay, okay!

It's been far too long since I contributed! And: I know, I know, here's me hassling loadsa people in the community about not contributing ... and then not doing it myself. For months!!!

Must be an age thing. Or might be an age thing ... I can't remember which!

Anyways, here (at least) is one new blog entry.

I thought I'd cover off the thorny issue of 'selling' a security policy to that 'C-level' person in your organisation.

'Think Outside That Regular Quadrilateral'

Now I've been around the block so many times - I'm beginning to give pet-names to the cracks in the footpath here.

And the one thing that I've seen as I've sauntered along - over and over again - is sec techs getting all uber-frustrated, and bitter 'n twisted 'cause senior management just won't part with some long green when it comes to ... gasp! ... security?

Such situations most often occur as the result of either this internally- or externally-generated report clearly demonstrating that a visually-impaired driver in a truck 'n trailer unit could find their way through the firewall.

Is Policy, Compliance and Governance Important? Really?

The other day this Senior Architect asked me about the relationship between those more technical aspects of security ... and whatever it is I think I did?

A very good question that - if poorly framed, yeah? Anyways, always ready to prove my superiority over a 'mere' architect, I gave him the following:

'Think of technology as the engine of information security? It has lots of moving parts, thingies going up and down; it's constantly being improved, updated and uprated - and it's always striving to drive information security forward...'