We have many people who purport themselves to be cybersecurity "experts" who have no professional training in INFOSEC and Information Assurance.
They don't understand the interrelationships between Cyberwarfare, cyberintelligence and cybersecurity. They scream about how these things have to be separate silos with separate power structures, when in fact, they have to be strongly integrated.
Usually these people are strongly tied to business interests who do not want any oversight over their business processes and oftentimes corrupt business practices. Oftentimes MBAs with no training in IT, much less in INFOSEC or Information Assurance, are making National Security decisions based on their individual economic gain. In most cases you find these business "process" managers don't want any oversight over the less than stellar lack of risk management and oversight of what they are doing.
Had they had proper Information Assurance Governance, Risk Management, Compliance, Auditing and Counterintelligence measures on the mortgage, banking and credit industries, these excesses of the lack of risk management would long have been seen and corrected. You would not have this economic disaster we presently have.
For INFOSEC is effectively risk management of people, processes and technology. And that means in the area of people, the lack of control over risky and pure management thievery that has been going on within US Corporations would be controlled.
This is what is meant by Accountability and Transparency. Corrupt business elements would no longer be able to instill risk into systems without oversight from Information Assurance and INFOSEC experts.
So when you hear these false claims of security not extending to the business community for some reason or the other, it is only self-serving. To manage risk, you have to have third-party independent individuals do it. Much like CPAs do this in the financial industry today.
This is the scientifically managed (i.e. Management Science) enterprise of the 21st Century we are building. The days when a gang of individuals in suits can feel entitled to commit fraud on a massive scale, as has been done in the mortgage industry, are over.
Middle-level management are going to be replaced by risk management and decision support systems where engineers and analysts enter data and executives read the output. No middle management. No need any longer, they are being replaced by computer systems.
And these systems must be free from outside contamination due to lack of standards and best practices, what MBAs call "leverage", how you can completely steamroll your clients as is being done in the mortgage and credit card industries. Where companies constantly breach contracts - change the terms of the contracts, without agreement from both parties. This illegal behavior by business is unconscionable. The independent control of secure computer systems and the regulation are a result of the mismanagement by business in industries that failed to exercise due diligence and exercise fiduciary duty to their shareholders.
RSA 2009: Why the Top U.S. Cyber Official is Losing Sleep
Melissa Hathaway has led an extensive review of the nation's cybersecurity. Her dreams are haunted by what she has discovered.