I don’t normally get into quotes, but I like this one:

“As to methods there may be a million and then some, but principles are few. The man who grasps principles can successfully select his own methods. The man who tries methods, ignoring principles, is sure to have trouble.” – Ralph Waldo Emerson.

It’s no different when looking at managing Information Security in an enterprise. (Geez, this is deep).

The Strategic Security Management Framework approach, for example, can be considered the guiding “principles”. The “methods” are how those guiding principles are applied in practice, and getting that translation from principle to method right is key. Flipping it the other way, picking methods first and ignoring the principles, is always a guarantee of ongoing systematic failure.

Some related posts:
- The 7 Reasons why Businesses are Insecure
- Good document to pass to senior business managers about cyber risks and implications to business
- Risk Management Posts



  1. D2 says:

    Agree with the above… funny times with the below:

    http://bsdosx.blogspot.com/2007/05/i-love-it.html
    “Just re-read one of my links to recent testimony given by Dan Geer to the US Department of Homeland Security’s Sub-Committee on Emerging Threats, Cybersecurity, and Science and Technology.

    Quote from page 2:

    ‘Information security is perhaps the hardest technical field on the planet.’

    F**kin’ A.

    (I, or even he may seem biased, but those in the know will wholeheartedly agree.)

    Q.E.D.”

    ==============
    And if anyone’s interested, apply transitive trust to my model here :) entitled ‘Infosec, what’s the fuss?’ http://bsdosx.blogspot.com/2007/05/infosec-whats-fuss.html