Managing Information Security in an Ever-Changing Environment

Can a network be defended and secured? Of course: observe the red team / blue team activities that are executed by businesses, governments, and at conferences. There is one catch: these do not reflect reality. Businesses are living networks under constant change, either directly encouraged or indirectly affected by the winds of the market and the universe as a whole.

A fine quote that brought this to bear for me was published in an NSA publication: “One simply must realize that while the search for the right foundations proceeds, construction will continue.” The article describes how the Duomo in Florence was built without an understanding of how to build the planned dome at the top. That is akin to information security today: the challenge and task of information security is to build and execute a security program that reflects that the business is in constant development, and we will not always “know” what is effective for where we are going. Think of mobile and cloud security as the current sources of concern and challenge.

The takeaway is to recognize that the standards organizations build their security programs upon (ISO 27001, NIST), and the ones they are regulated and audited against (PCI DSS, NERC/FERC), are themselves in a constant state of change. This is matched only by the dynamics of the changing foundations of what information security is protecting (mobile, cloud, etc.) and the market demands placed on the organization. Being still is not the answer. Instead, iterating rapidly, with a conscious focus on the strategy of the organization and an enabling security program, will enhance the longevity of the organization and the relative effectiveness of the security compliance program itself.

NSA Article referenced:  “Cybersecurity: From engineering to science” by Carl Landwehr

Other thoughts?

James DeLuccia IV


One response to “Managing Information Security in an Ever-Changing Environment”

  1. A good analogy, regarding Il Duomo. And what a beautiful one, at that.
