Posted on Fri 22 September 2023

750 chars: security re-org

Some people play Wordle to get their brains moving in the morning. I find one of LinkedIn’s incredibly stupid “AI”-driven “articles”, where commentary is limited to 750 characters per segment (times 5-7 article segments), and write a cohesive answer to the whole thing in one block.

Herewith: “How Do You Work With Other IT Departments To Manage Security Risks”

Either your company understands that security is the prime risk assessment and management tool, or it does not. Figure this out first.

Assuming your company cares, get an executive mandate. Bring the IT, Ops, Network Engineering, Security, Software Development, Hardware Engineering, Legal, and all other relevant groups together. Establish a common vocabulary, write a policy, and appoint a committee that has the authority to approve exceptions and change policy.

Policy is implemented in plans, and if your company is large enough, some groups will need their own plans. Write them to a common skeleton, and publicize them internally.

Include Business Continuity and Disaster Recovery as subsets of Security: that’s where they belong. Done in 750.


© -dsr-. Send feedback or comments via email — by continuing to use this site you agree to certain terms and conditions.
