How to Cheat at Managing Information Security

Chapter 3: Jargon, Principles, and Concepts

Overview

The purpose of this chapter is to:

  • Define jargon, principles, and concepts of the information security professional

  • To help you understand what security people are carping about

Anecdote

The United Kingdom s Government Communications Headquarters (GCHQ) in Cheltenham is one of the most secure places on the planet. Many documents that are more confidential than top secret are stored there.

I went there went through gates, past guards, signed forms, and showed various credentials. As you know, it always rains in the U.K., and like any proper English gent, I carry a rolled umbrella. So I put my brolly in the umbrella stand, which was behind the locked doors, razor wire, and cameras, and went to my meeting. When I came back, my umbrella was gone stolen! I guess all those countermeasures weren t there for the protection of my brolly.

The moral: A countermeasure or protection for one asset doesn t necessarily provide good protection for another.

Introduction

I pretty much fell into information security, and as a relatively late starter coming from a relatively senior position, I found the first year very difficult. I had very broad and very deep technical experience, so I always seemed to produce a technical analysis or solution that pleased. I had a Business honors degree, had true management experience, and had done enough work to be a partially qualified accountant, so really, I wasn t found lacking there (although nontechies always accuse techies of not understanding commerce). It really was the jargon that lost me; no...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Deadbolts
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.