Security is a false premise
Complicated by context
Simplified by inaction
A philosophy in practice
Above all it’s a journey that unfolds over time
Architecture is more than the sum of its parts. It’s a vision. A context. Execution.
There is no:
There are only best practices traversing an ever changing landscape.
Reading this series is part of a desire to do well. Another voice to inform you on this journey.
Mr. Cyber says:
Know what is important and protect it with culture.
Assign one person ownership. Preferably not yourself.
Establish checks and balances.
Understand and educate others with empathy and a vision in mind.
What you secure today will be released in time. Understand the value of time and act accordingly and proportionally.
Mr. Cyber says:
Tools, vendors, and trust are not an Architecture.
A security culture must be justified in a business context. A vision and architecture that stands on its own. What is important? In what time frame? In what context, and to which roles?
A plan should be obvious and actionable. Classify some aspects as aspirational when required. If a risk is mitigated, it’s a solution.
A company is a complex community motivated to task when directed. Creating a community takes understanding.
Broker mutual motivation and validate through checks and balances.
Mr. Cyber says:
Telephone Hacking is a social engineering crime. Afraid? Don’t be. There is a simple fix. Never let strangers drive you to a website alone. That’s it, kids! Apple, Microsoft, IRS, and most importantly, your bank will never call you. Period. It costs them too much! Don’t be a bad kid and do what they say. Ok?