Fortune Cookie Security Advice – No Royal Road to Security – July 2009

There is no Royal Road to understanding and achieving information security

Everyone wants information security to be easy.  Wouldn’t it be nice if it were simple enough to fit snugly inside a fortune cookie?  Well, although I don’t try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to reinforce security principles and get people thinking how security applies to their environment.

The key to fortune cookie advice is ‘common sense’ in the context of security.  It must be simple, succinct, and make sense to everyone, while conveying important security aspects.

Fortune Cookie advice for July, 2009:

Road1.jpg

There is no Royal Road to understanding and achieving information security

Taking a line of thought from Euclid, there is no easy route to understand the ever changing complexities of information security.

We exist in an era where information security is both exciting and complex. 

The rapid evolution of information technology, increasing number of targets, and the explosive development of creative tools attackers employ all contribute to a dynamic environment where a continual struggle between aggressors and defenders shifts the balance on a daily basis.  Only through hard work can security professionals effectively pursue achieving an optimal level of security which manages the tradeoffs of cost against controlling impacts and effectiveness of attacks.  Achieving information security is an exercise in hard work, diligence, consistency, and flexibility to adapt technology and behaviors in meeting the challenge.

       

Fortune Cookie Security Advice - Strategic Compettive Secure - June 2009

Fortune Cookie Security Advice - May 2008

Fortune Cookie Security Advice - May 2008

Fortune Cookie Security Advice - June 2008

Fortune Cookie Security Advice - August 2008

Fortune Cookie Security Advice - September 2008

Fortune Cookie Security Advice - November 2008

Fortune Cookie Security Advice - December 2008

Fortune Cookie Security Advice - January 2009

Fortune Cookie Security Advice - February 2009

Fortune Cookie Security Advice - March 2009

Fortune Cookie Security Advice - April 2009

Fortune Cookie Security Advice - May 2009

Published on Categories Archive
Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.