We stress this approach because it is the way to ensure that your security management is not driven by fear, uncertainty and doubt. It also gives a goals-based attitude that counters the 'ostrich' approach to risk management, in which known risks are simply not looked at.
In common with all security fields, information security is non-intuitive. Simple functional testing is not sufficient, because any security claim implies proving a negative (no one can access this data without being on the 'entitled' list): a test can show that an entitled user gets in, but not that every unentitled path is closed. The resolution is to examine the design and to test to the depth that the required level of security assurance demands. This emphasises the essential need for specialist staff with the skills and experience to apply engineering techniques.
We have already outlined that even the requirements, policy or security objectives phase of any security task is undermined if security engineering experience is not used to think ahead. Unfortunately, these weaknesses may not be recognised until later, leading to very high costs in security management, incident handling and ad hoc security measures.
The other benefit of this approach is that the work done is traced and reasoned. This allows it to be transferred into your company and allows certain changes to be managed internally.