How to Cheat at Managing Information Security

The purpose of this chapter is to:
Define jargon, principles, and concepts of the information security professional
To help you understand what security people are carping about
The United Kingdom s Government Communications Headquarters (GCHQ) in Cheltenham is one of the most secure places on the planet. Many documents that are more confidential than top secret are stored there.
I went there went through gates, past guards, signed forms, and showed various credentials. As you know, it always rains in the U.K., and like any proper English gent, I carry a rolled umbrella. So I put my brolly in the umbrella stand, which was behind the locked doors, razor wire, and cameras, and went to my meeting. When I came back, my umbrella was gone stolen! I guess all those countermeasures weren t there for the protection of my brolly.
The moral: A countermeasure or protection for one asset doesn t necessarily provide good protection for another.
I pretty much fell into information security, and as a relatively late starter coming from a relatively senior position, I found the first year very difficult. I had very broad and very deep technical experience, so I always seemed to produce a technical analysis or solution that pleased. I had a Business honors degree, had true management experience, and had done enough work to be a partially qualified accountant, so really, I wasn t found lacking there (although nontechies always accuse techies of not understanding commerce). It really was the jargon that lost me; no...