Security is a strategic concern (posted by Fabien Villard)

Here is an interesting point of view on security business today from an IBM Security Strategist:

Among the eight points some are tightly related to enterprise strategy and enterprise architecture. Points 2, 6 and 7 focus on external concerns, regulations and security product vendors, but  others may be summarized like this: what do I need as a company when speaking of Security? Moreover, how do I manage to know that? This kind of question is all about strategy and point 8 is a clear conclusion: “Technology without strategy is chaos, Corman said”.

But security strategy has no reasons to be designed apart from the enterprise strategy. Risk evaluation (point 5) and risk priorities (point 4) should be part of the enterprise strategy and risk mitigation (point 3) should be part of the enterprise architecture as a result of good practices, not as a resullt of late add-ons: security concerns should be included as a primary requirement of all designs, starting from the enterprise level studies.

Leave a Reply


Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 1,033,718 bad guys.