Security Technology Executive

NOV-DEC 2014

Issue link: https://securitytechnologyexecutive.epubxp.com/i/431828

COOL AS MCCUMBER

Three's a Charm

By John McCumber

We've all heard the saying: third time's a charm. My Irish forebears loved telling the story of Saint Patrick and how he was able to explain the Holy Trinity to the island's primitive inhabitants by using a shamrock instead of the expected PowerPoint presentation. The Chinese consider three a lucky number; the reason cited most often is that this numeral represents the major stages of life: birth, marriage, and death. Ancient Egyptians referred to great leaders as "thrice-great", and early Roman funeral ceremonies called out the deceased's name three distinct times.

The information security profession has some pretty neat triads as well. I should know — I ended up writing a book about them. One of the triads we reference often represents the three categories of security safeguards (or 'countermeasures' in some models): technology, policy/process and human factors (sometimes noted as the 'people' factor). Synchronizing your safeguards across all three categories is truly the art form that ultimately defines for the savvy security professional.

However, it is not uncommon to see the emphasis shift among preferred controls. If you spend any amount of time listening to industry watchdogs and Wall Street, you could be excused for having the perception that cyber security — as it is now popularly called — is all about attack and defend technology. The industry that started as simple password controls and spawned the first basic firewalls for the inchoate Internet in the 1980s has now exploded into multi-billion-dollar companies with dozens of technology products. Seemingly lost in the cacophony of mergers, acquisitions, stock options, and geek talk are the less enthralling elements of process and people.

When it comes to people, many assume the safeguards are centered on awareness training, posters, and corporate proclamations on the importance of computer hygiene. The people component plays a much more comprehensive role than that, but surely the true unsung heroes of our business are the ones who help us design policies and process.

I was recently visiting with a client who heard about the importance of policies and process for protecting critical data resources, and immediately began to claim that his company didn't really like those messy and indecipherable aspects of security. Apparently, for his organization, codifying processes was considered an anachronistic vestige of a bygone era that started with Gutenberg and ended with Steve Jobs.

I smiled as I felt the heft of the standards and guidelines weighing down my briefcase. They may seem cumbersome, and some even consider them outdated; however, processes and standards are central to ensuring your security program can support all that fancy, new technology you're buying — and don't forget the humans, too!

John McCumber is a security and risk professional, and author of "Assessing and Managing Security Risk in IT Systems: A Structured Methodology," from Auerbach Publications. If you have a comment or question for him, e-mail Cool_as_McCumber@cygnusb2b.com.

Published by Cygnus Business Media, Inc. www.SecurityInfoWatch.com
