Hmm... I'd say a lot of ineffective security shops are swimming in products poorly integrated. We run pretty lean with a small number of "security specific" tools and frankly, get the most mileage out of the same tools that the IT folks use. That and plain old good decisions and risk education.

I'd also add: IT in general has an integration problem. Watching the Ops team flail around trying to get their SAN to work with their virtualization stack and their various enterprise apps is lesson enough that interoperable tech is a long way off.

Andre Gironda

Accountability in the lower input chains must be assured to make a higher value output chain. Process management (which barely exists in any IT environment I'm aware of) relates tasks-to-output. We can create higher-value outputs from lower-value inputs and we can secure them.

Do I have to say it? Security is about process, not products.

Love this thread, and have personally been obsessed with integration metrics since Visible OpsSec. Let's get to it!

