Knowing What You Don't Know
Security professionals turn dangerous when they start making decisions on questions they don't fully understand. It's not just the disgruntled employee who can wreak havoc; the ones who don't know their own limitations are a problem, too.
Lisa Vaas' "When Security Staffers Fail Up" starts with a disgruntled IT staffer who ran his employer's business into the ground after convincing the company to use his home systems to host an employee database. That story will grab your attention, but even more telling of a common problem is the C-level exec who insists on making decisions about which products to purchase.
C-level execs are responsible for business strategy and for keeping IT in sync with business operations and plans, not for making technical assessments. Even if execs started in the trenches, they need to remember the trenches change after they leave. The best person to make the call on technical issues is a technical staffer. At the same time, those on the technical side would do well to remember the best technical solution may not be feasible for budget or other reasons.
There are no superhero can-do-it-all types in information security. It's a team effort that succeeds when everyone attends to their responsibilities and lets others attend to theirs.



