Too often the burden of enterprise security is placed squarely on administrators' shoulders. Information security is a complex discipline in which everyone has a role, including administrators, general staff members, and managers.

Administrators play only one role required to successfully manage enterprise security. Among their duties is working to secure the computing infrastructure. As such, administrators need to be armed with the proper training, education, and tools to succeed.

What do you see as the major problems in online security today?

I think that the biggest problem in security today is that too many managers view it as solely a technology problem that can be solved by applying technological solutions.

I view security as an organizational problem with a technology component. You cannot separate the people from most security issues. Security solutions need to consider both people and technology. I see this oversimplification of security issues as one of the major problems facing us today.


What is, in your opinion, the biggest challenge in protecting sensitive information at the enterprise level?

Coordinating the activities of people across an enterprise is one of the biggest challenges in protecting sensitive information across the enterprise. Security is a complex domain involving everyone in the organization to some degree. Making sure that people understand their roles and act accordingly is a challenging task.

What are your future plans? Any exciting new projects?

For the time being, I plan to continue helping organizations apply OCTAVE and manage their information security risks.