« Understanding Cloud Security Standards Part 2 | Main | Good News and Bad News »

Comments

Bavo De Ridder

Is it a coincidence or is the architect missing? A good architecture has a significant positive influence on security (and with a decent implementation governance), a bad or missing one has a significant negative influence on security.

gunnar

@Bavo - no doubt

Travis Spencer

What about the network guys (DNS, f/w, etc. )? Do they fall under ops because they play a huge role.

Farhang

Here are the Influencers from my vantage point (architect technically responsible for a project)

1- The guy who really owns the risk (business guy)
2- The guy who knows he doesn't own the risk but pretends he does (infoSec guy)
3- Me and my guys (software eng., DBAs, build, release guys, basically whoever builds software ...)
4- Ops and network guys
5- The hacker/fraudster community

But I agree with the conclusion: Security is more important to be left to security guys ....

Sec_prof

Absolutely concur on the "integrated" part. It is my goal to have everyone in the company thinking about security as just an attribute of what they do. Makes it much easier to have an effective security program when everyone on the team is an active part in making it happen.

The comments to this entry are closed.