I've been thinking a lot lately about Security and how it affects our daily life, both as end users of security products and as those who implement and maintain Security systems.
As end users we are often held captive by the solutions that we have chosen. Of course we have the option to move to something else, but for many that isn't a real option.
As Security Professionals we are also held captive by many things. If we are lucky we are in a position where we have significant input into what solutions are chosen and how they are implemented and maintained. More often than not we inherit what is already there or have to take what is given to us.
We're also affected by decisions that are made by other departments or by management. Decisions that we often have no control over and no input into. Decisions are made that go against policy or good security practice because it is easy and isn't considered to be a "real" risk.
Things such as this are not going to stop until we are able to change the attitudes of those we work with. We have to change the way we do security in order to change attitudes. Users view security as being a hindrance to getting their job done. Management views it as a "necessary evil" to meet compliance requirements.
Part of the reason is that we are still doing security the same way we did when security wasn't the hot topic. We have been playing catch-up and it has affected everything. We do security better in some ways, though "more efficiently" is the more accurate description. We still implement systems and policies that continue to make life more secure, yet also more difficult for users. When we change our focus to learning new ways to do security, and when we seek to engage our users, we will change their attitudes and therefore make things more secure by default.
Technology will never solve our security issues. It will take more than technology; it will take a change in attitude for both the end users and professionals. Why not be an early adopter and lead the way in making a change?
Security's Everyman
Monday, March 05, 2007
New Security
Posted by Andy, ITGuy at 8:13 PM
Labels: Andy ITGuy, information security