How to become an exceptional security manager
Good article in Computerworld taking tips from a surgeon's textbook and applying it to IT Security Management.
"The number one indicator for above-average medical care was often simply consistency. In the story related on NPR, the author discussed how one doctor was able to have significantly longer survival rates for his cystic fibrosis patients (47 years) as compared to the national average (33 years). The secret? Consistency. The doctor determined that many patients simply were not taking the recommended medicines consistently and timely. Once he realized this, he focused on making his patients more consistent, especially stressing that they should continue to take the medicine during the majority of the time when they felt well. The outcome was significantly longer living patients.
How many of us work in computer security environments where basic security recommendations are not applied consistently? I think it is nearly impossible to find a company that consistently and universally applies basic security tenets. So, we have inconsistencies, cracks in the system, and bad things are allowed to occur. The very human nature of purposefully allowing inconsistency as a norm leads to below-average outcomes. Taking a personal and institutionalized interest in applying basic security principles consistently will mitigate more risk and lead to a more secure environment."