Headwall Security

Post Title.

5/3/2011

I have spent a lot of time, as of late, working on policy. This has helped me to realize two things. First and foremost, that poor policy, or lack of policy, really will undermine all of the other work that can be put into an information assurance program. Second is that behind every policy there needs to be adequate education.

This second point I cannot emphasize enough. I am finding that it is not simply a matter of educating people about the new policies that are being passed, but that there is a level of education that needs to happen before the policies are passed so that the policies are written properly and to the correct audience. I come from healthcare and industry. Now, working in academia, I find that the change controls that were appropriate for industry are different than the change controls we would use here at the school. That said, I also am finding that I need to educate the people I work with about the value of ITIL so that we may find a happy medium.


On a separate note, I wanted to mention the business that has been going on in Washington and around the world. First, the most obvious world news. With the death of bin Laden, I think that we in the security space need to keep an eye on the horizon for the potential of a cyber backlash. As they say, for every action there is an equal and opposite reaction. In the past this could have been assumed to have been a physical attack, but since 9/11 we have clearly seen an increase in cyber warfare, and it would not be unheard of for the response to this action to be a cyber attack. While I applaud our military for this success, I wonder what the response might be.

In other news, I look to Capitol Hill and welcome the bill proposed by Kerry and McCain on a Commercial Privacy Bill of Rights. I think this type of legislation, while it certainly will make the work we do as security professionals much harder, is the right step for the consumer and for the industry. The more standardization we can get in this type of legislation, the better off we will all be. It would be nice if Congress would work to unify some of these laws and to repeal some of the outdated laws so that we could consolidate some of our compliance efforts. I know this will never happen, but the ideal is a nice one.

    Ian Burke

    I have been doing information assurance and security work for many years with a focus on network security monitoring and incident handling. I have been working in IT for more than fifteen years with a focus on architecture and systems.

    My lovely wife and I spend time with our five kids at our home in the North East.
