As much as I would have liked to start 2010 with a nice positive post, I'm going to have to start with a bit of a whinge. What is it about the subject of security that means that everybody working in IT believes that they know how to do it? I rarely see non-DBAs telling their DBAs how their databases should be partitioned but I'll regularly see non-security types discussing security with great authority but little in the way of informed opinion!
So, I'm happy to accept the charge that part of the brief of the security professional is to educate the masses - but I do find it incredibly frustrating that the masses seem pre-programmed with the belief that they already understand security and risk management...
Is it just me?
2 comments:
Hilarious! With such an emotive subject it's no wonder that many have an opinion to share. And herein lies the rub... the emotion and gut feeling need to be removed and replaced with objectivity and fact.
Alas in a subject that doesn't do metrics well this is much easier to say than actually do.
Fully agree. My (probably not entirely altruistic) concern at the moment is that with budget cuts looming many organisations are dropping security subject matter experts as they believe that the generalists can cover it off. Of course, we'll all be back in 12 months' time when everything's gone pear-shaped but I'd rather everyone avoided the pain :-)