Wednesday, May 21, 2008

"Security": Whose Responsibility?

I spend too much time thinking about the roles and responsibilities in information security. Fortunately, I am not alone in this. Richard Bejtlich just posted an interesting article. I like the graphic he uses, and I support his analysis.

In Richard's vision, it seems that the role of the information security professional is much more that of a specialist than many practicing professionals believe they are. It also clearly outlines that because of our specialism (specialism as in: focus on a narrow area), we are ideally suited to play an (in-house) consulting role.

Excellent post. Go read it.

No comments:

Post a Comment

Please share your view and opinions on what I wrote. In order to maintain quality, all comments will be moderated for merit. Contributions that call me out on statements that appear unfounded, wrong, or simply with which you disagree are highly appreciated and are even encouraged. Spam and 'me too' answers will be ignored.