« Hotel Booking Nightmare (Or, Avoid hotels.com - Seriously) | Main | InfoSec as Counterculture »

Cut Through the Noise, Focus, Find Success

I was recently out camping in a rather busy campground. Nearby was a group of teenage girls, wrangled by mothers who overall lacked the necessary training in crisis management to keep a lid on the brood. At the same time, I was working on a deadline to get a couple pieces written, and I have to say, the challenge was immense. The noise generated by the group of 12 or so girls seemed ebb and flow at rates rivaled only by large crowds at major sporting or entertainment events.

In many ways, this is the focus we face in information security. We are constantly surrounded by noise. Different people in varying parts of the organization are clamoring for attention, or battling with each other, or just generating a lot of background noise, and yet we're expected to buckle down and achieve our objectives. My favorite whipping boy, the PCI DSS, is an excellent example of a large noise potential, providing plenty of salient details, but also generating so much volume that it can drown out your hopes and dreams.

The key to success, then, is in finding a way to cut through the noise. In my case, I was able to position a citronella candle such that the flickering light provided a source of focus that took my mind off the background noise. In other cases, however, a candle may not work. Instead, it's important to find ways to block out the "unimportant" in order to cut through to the "important." These terms are, of course, subjective, but they bear out.

Compliance today, in many environments, provides a very large source of noise. Finding focus can be a challenge. But it's a challenge that can be met. Start with key principles of information security. Are business and operational requirements understood, well-defined, and well-communicated? How's your risk management? Do you have a completely framework in place (note, this is not just asking about risk assessments, but the entire risk management program)? How's your operational security? Do you have visibility into key systems (e.g. logging, data flow maps)? Have you defined key metrics? Are you actually measuring and tracking them? Are you performing routine audits and self-assessments? How's your security testing program?

It's easy to become overwhelmed with all of these topics and concepts, but focusing on fundamentals (risk management, operational security, quality and performance) can allow you achieve clarity and focus. Aim for a successful security program and the pieces will fall into place.

(Note: this article is cross-posted from T2PA Practical Security Core)


TrackBack URL for this entry:

Listed below are links to weblogs that reference Cut Through the Noise, Focus, Find Success:

» Surviving in Degraded Conditions: A Human Analogy from The Falcon's View
If you've been following my writing of late, you'll know that I've hopped on the Survivability bandwagon with both feet (see my blog post "Defensibility and Recoverability" and the slides from my recent full-day course "Total Enterprise Assurance"). Ke... [Read More]

Post a comment


This page contains a single entry from the blog posted on June 28, 2009 12:27 AM.

The previous post in this blog was Hotel Booking Nightmare (Or, Avoid hotels.com - Seriously).

The next post in this blog is InfoSec as Counterculture.

Many more can be found on the main index page or by looking through the archives.

Creative Commons License
This weblog is licensed under a Creative Commons License.