Readers of The State of Security enjoy a plethora of valuable perspectives on the ever-shifting IT security landscape from the variety of highly-qualified and thought-provoking contributors.
As the person largely responsible for IT security at Tripwire, an IT security company (it’s not just a job, it’s an adventure!), I’ve pondered over the last few weeks what I should add to that conversation.
My initial thought was along the lines of providing “the view from the trenches.” As the person charged with keeping Tripwire secure I can offer the perspective of the practitioner: how does Tripwire connect security to its own business?
As President of the Portland chapter of the Society for Information Management (SIM), I have a lot of conversations with colleagues at other organizations of all sizes. We all face the challenge of trying to satisfy 10 lbs. of demand for IT with only 5 lbs. of IT supply.
In light of that, how does Tripwire go about prioritizing security activities, projects, and investments?
With additional thought, though, I decided “the view from the trenches” sends the wrong message. We’re long past the time when digging a trench and keeping your head down in the hope that you won’t be a target is the best approach for your business or yourself as an IT and/or security professional.
“Connecting Security to the Business” is all about getting out of the trenches and engaging stakeholders in all parts of the organization in meaningful conversations (with an “s,” meaning more than one!) about business risks, the consequences associated with those risks, and what combination of policies, procedures and technologies the organization will bring to bear to mitigate them.
So, I hope you’ll join me as I explore – and offer my perspective on – the hills and valleys of the ever-changing IT security landscape that we’re all trying to successfully navigate. There’s much to see, but only after we climb out of the trenches!
Image courtesy of ShutterStock