Sunday, June 17, 2018

Dr. No


The meaning of security has different viewpoints depending on whom you ask in the organization.  Compliance to meet certifications requirements, meeting legislative, regulatory (or industry) requirement, safeguard the visibility and accessibility of personal information, a set of non-functional requirements for implementing the appropriate controls.  I have witnessed the differing definitions in many of the businesses I have consulted for over the years.  I describe it as an incohesive mess devolved into twisted competitiveness for funding, headcount, and the fighting for the position of prestige within the organization.  

This negatively impacts and splinters the focus and purpose of Security as a business partner and a positive change agent.  The difficulty lies in the consensus of how to fuse vying priorities and approaches to support the organization's vision and goals.

It seems evident that Security should be about advising the business on what path to take to improve its capability and performance in delivering the organization's goods and services.  Informing and providing business intelligence that draws on compliance, privacy, and tactics, techniques, and process for safeguarding the essence of the business so that it can continue to be innovative with the freedom to diversify its capabilities.  

It is time to squash the tendency of being seen as nothing but neighs sayers and roadblocks.  To do this, we need to know what we're up against and the significance it can have on the business.