From the InfoProtect 2010 seminar.
No detailed information, but here I drop some juicy notes.
“Security is less important than performance.”
“Operational Security is a business support function, you have to accept it.”
“Operational Security is different than IT Security.”
“To comply or to be certified doesn’t mean you are efficient.”
“Conformance is not compliance.”
“Before doing a Security Awareness, read a marketing book.”
Start with incident management, and only then, once you have a good overview, check and update your policies and risk assessment.
IT security people are bad at negotiating with their senior manager(s). You really have to fight for budget, but focus on the business perspective and be less technology-oriented.
See the risks, but focus on the solutions.
4. (Almost) New threats:
- Fuzzy network borders
- Wild outsourcing initiatives
- Massive virtualization
- Data avalanche / data deluge
- Collaborative Networks
- Pervasive computing
- Bring your device to work
- Social networking, resources tracking, systems density, …
- Regulation (IT Sec and Business are more concerned about auditors than black hats)
- Stakeholders expectations
You have a light to help you in the dark … see the light?