Here is a great quote from Dan Geer, VP and Chief Scientist at Verdasys, that my friend, Shane Macaulay, recently emailed me:
“The central truth is that information security is a means, not an end. Information security serves the end of trust. Trust is efficient, both in business and in life; and misplaced trust is ruinous, both in business and in life. Trust makes it possible to proceed where proof is lacking. As an end, trust is worth the price. Without trust, information is largely useless.”
Dan is right on, as usual. I am constantly preaching to our clients and to audience members when I speak about the security “process”. Like trust, security is a process, not a single event. In life, I don’t believe anyone simply decides they trust someone and then always trusts that person implicitly; rather, they constantly test and verify the trust and ensure it is still as high as it was before.
This process, applied to IT Security, is why we need to have metrics and plans in place within an enterprise. Enterprise security teams must Trust but Verify.