Undercover: A Painful Lack of Security

-
Here is another good article. The gist of the aticle is that a Security Executive is having a hard time finding a job. He interviewed with a CIO and had a good feeling. Eventually an executive with an engineering background was hired. I know that security is overlooked and put on the back burner when budget cuts hit home. However I agree that an executive with a engineering background was hired as the CSO. I.T. is in the Engineering and Operations business PERIOD!!!! Security is to support that business by following the CIA triad.

Let's examine the CIA triad. First we have Confidentiality, Confidentiality is the term used to prevent the disclosure of information to unauthorized individuals or systems. Next up Integrity, In information security, integrity means that data cannot be modified without authorization. Lastly and most importantly, Availability. For any information system to serve its purpose, the information must be available when it is needed.

In my experience, many security professionals forget about availability. Hence the need to hire someone with an engineering background. Engineers think outside the box, they find mitigation strategies versus releasing untested patches and shutting down critical systems. If security were a CI duo, I can hire people to sit on a SOC (security operations center) for about 30k a year and I would not need a CSO. However given the importance of security, there needs to be a security officer that is a partner in the business of I.T. --not sand in the gears!

Comments

Post a Comment

Popular posts from this blog

I did something kind of a big. Applied for a Doctorate program @ GWU's Graduate School of Education and Human Development (GSEHD)

-
Image
So I applied, hope I make the cut!  My mother is my inspiration to better myself and help others at the same time. Back in November mom was sick, and we had discussed the subject of a doctorate and how to help organizations succeed. She said it was a great idea and she will live to see me graduate!  So when she passed in December, it took the wind out of my sails. I started to doubt myself and put off applying to GW GSEHD Executive Leadership Program.  Mom reached out to me (from the great beyond) and motivated me to apply --so I did.  I thought I would share an excerpt of my Statement of Purpose that was used in my application.  Mom and Me at Christmas (1988) __________________________________________________________________________________ In the 1980’s and 1990’s, my mother was a COBOL software developer. Growing up I would visit her office, and there I learned how to use Microsoft DOS and logon to bulletin board systems (BBS). From that moment, I was hooked on computers. I am Geral
Read more

The Internet is my Application!

-
Image
As you know I love my stickers, you can see I left some of my Amazon/AWS stickers on my personal MacBook –as they are a large Microsoft customer and re-seller! When you think about it, the cloud that is – why is the cloud called the cloud? Well back in the day the network/telecom engineers used a “Cloud” to portray the internet in their engineering diagrams. Fast forward a few years and we have X as a Service (IaaS, PasS, SaaS, etc.aaS) . We are using the internet for what it was always meant to be –a network of networks. Then I read this article in the NY Post about how the term Multi-Cloud is banned from AWS’ reinvent conference –and I ask "um why"? Competition drives innovation right? When I was at CNCF’s Kubecon last year –I got to see the demo god himself – @KelseyHightower rock the house with a demo on Google Cloud and AWS .   As Kelsey says it best “These (cloud tech) are just tools, focus on the big problem, the most important tool is sitting in the
Read more

The Business Value(s) of Social Networking Sites

-
Recently an EMIS team member posed the question of "What is the business value of social networking" (thank you Tom). How does IBM or the Government use a site like LinkedIn ( http://www.linkedin.com/ ) or FaceBook ( http://www.facebook.com/ ) as a business tool? Currently we [the people] gain the value. We do our LinkedIn and FaceBook activities, and maybe click on a partner's link and buy something. These sites are very popular as millions use them. So how can social networking sites (or the idea for an internal social networking site) be beneficial to companies like IBM? I am thinking along the lines of a Knowledge Management (KM) tool. ( hmmmm me thinks me have an idea for my Capstone project) Thoughts?
Read more