Secure to the Core
You don't have to be a statistician to know that computer-related crime is on the rise, and as society grows more dependent on information systems, our risks increase proportionally. Despite substantial progress, the infosec challenge is simply not being met. The problem stems partly from technology shortcomings riddling the systems we're trying to defend, partly from a lack of executive support, and partly from our lack of understanding of our true resource requirements.
But the biggest problem, quite frankly, is that we're doing it wrong. Many security strategies are technology-centric. These efforts will fail because without strong policies, processes and strategies will remain fragmented and unjustifiable. Other security strategies are policy-centric. These efforts will fail without the addition of process and technology components, because technical controls are the key to monitoring and enforcement. Truth No. 1: A holistic approach that balances policy, process and technology is paramount to a successful security program.
[ Read more ]