2014-09-22

build security in

Like any aspect of quality, system security is not bolted-on, it is built-in. What does it mean to build security into a system? Think people, processes and technology - in that very order.

Find the right people to envision, design, implement, deploy, operate, evolve, maintain and decommission your system. Equip them properly. make sure they remain committed to upholding security.

Let these very people create, execute and maintain robust usable processes for the system life-cycle.

The rest is technology.

2014-09-01

things will change

Information systems are often viewed from a static, technical perspective. What goes in, what comes out, what technical protective measures are in place? That's all good and fine. But things will change, in ways not foreseen.

Today's elegant static view will soon become obsolete. This is one reason why I'm more concerned about people and processes. When things change, how do we ensure that adequate security is being upheld? What administrative protective measures are in place? How do we manage risk?
20240205