We talk a lot about user security awareness.
But awareness is never enough.
I might be aware that you forgot to close the window on a rainy night. This won't help unless I care to close it or remind you. I might be aware that my password could be misused by a malicious individual. This won't help unless I care to make an effort to protect it.
I must care enough to do the right thing when it would be easier not to. I must be committed. So, let’s stop parroting awareness as an end goal. It’s not.
2014-04-28
2014-04-24
applying principles for societal security
10 principles/challenges from @msbse at @FolkochForsvar, several of which directly applicable within Information Security Mgmt. #fofsem
— per stromsjo « (@stromsjo) April 24, 2014
At a FoF seminar, the MSB today suggested 10 principles for societal security. I interpreted eight of them for InfoSec Management.
- earn and maintain trust among stakeholders
- communication is an indicator of a safer organizational systems environment
- readiness begins and ends with the individual coworker
- incident prevention can be made more effective
- critical services must remain available
- information security is everybody's business
- manage dependency on external suppliers
- a system transcending trust boundaries can only be managed in a concerted effort
2014-04-07
no silver bullet
There's an entire industry based on the assumption that Security Management is about fancy technology. The latest and greatest product, the silver bullet which will finally turn the tide and help us defeat adversaries once and for all.
Yawn.
To me, it's all about people. The folks who envision, design, build, deploy, operate, evolve, maintain and - when that day comes - decommission the system in a controlled fashion. Most importantly, the Owner who remains accountable throughout the system's life-cycle.