The Ghost in the Machine
Traenk challenges himself to peer more deeply into the darkness to see the Ghosts in the Machine...
A member of management challenges me to improve my Security work, and it is working.
My work with the Center for Internet Security has shown me plainly that some technical configurations are more secure. These are also increasingly supported by the vendors, those who once assured us that their products were secure from the factory. Whoops!
I will study the most obscure technical specification, looking for that more perfect setting that seems to close an unseen hole. But is that effective?
As organizations go cloud, often leaping before they even think to look, security specifications are often set by vendors, cloud vendors who inherited the old penchant for claiming perfect security IN the factory. Whoops!
It's a matter of influence versus standards, persuasion over old-school dictation. If you are a Risk Management professional, what are you doing to improve implemented, not just documented, security practices?
I know some are threatened by encouragement to improve security. Me? I think I'll learn a lot. I will see more than the Machine and Its settings. I will see the People who use the Machine, heretofore, little more than ghosts...