Lenny Zeltser on Information Security — Information Security Isn’t a Standalone Discipline

It’s easy for infosec professionals to become comfortable in the world of information systems, firewalls, security patches, and intrusion detection. We sometimes forget that we’re part of an ecosystem that’s supposed to help the organization achieve its corporate objectives. As Michael Cloppert put it, we should be active participants “in technical innovation, architecture, and the engineering process, making sure requirements are met in a way that balances risk with cost.”

I’ve been thinking about this quite a lot recently. A lot of the time my work feels more like information infrastructure security than information systems security. We sometimes focus too much on protecting a database or an application instead of taking a look at the overall goal of it. Each of those databases and applications and firewalls is part of an enterprise information system whose ultimate goal is business. Something I intend to correct in 2011.
