Layer 8

Security is fundamentally about people, and everything we know about people is relevant to security. -- B. Schneier

Intel Igence.

tk just has the best quote in the latest VERT Daily Post:

Decision support is driven by intelligence. No one knows this better than your adversaries and competitors.
I have been screaming for quite some time now that CEOs need to reinvent and transform their security organization into the INTELLIGENCE ORGANIZATION. It is a much higher value proposition and much more accurately describes their role in the organization ...
Being at the core of your organization’s decision support is critical and it is not about always being the bearer of bad news but about being the one stop shop for Operational Intelligence and Situational Awareness.

I couldn’t agree more, but I’m finding it hard to do so without looking like I’m pinning a Mensa Medal on myself.

“Intelligence” is a loaded word.  Can we use “information” instead?  It doesn’t sound as macho as “intelligence” when you’re in the DoD Metropolitan Area and you also like to use the word “cyber” a lot.  But it also keeps you from sounding smug when you’re trying to justify your reporting line to other areas of your IT department.

Actually, let’s break it down some more.  I end up being a nearly-one-stop shop for answers that require the discreet gathering of system data, the holistic view of IT if any of it is arguably security-related, and any legal or HR policies that need to be implemented in any way at the IT level.  In other words, if they need IT information that involves confidentiality, enforcement or any kind of risk, then they come to me.  Since there’s hardly anyone in the building who doesn’t use a computer for their work, that ends up being pretty often. 

I like the words “decision support” in this context.  I like them a lot.  I don’t make the decisions, but I provide the information and help break down the problem space for those who do.  Often I say, “I don’t know whether you’ve thought of this particular issue, but if you have, what do you want to do about it?“  (Disingenuity disclosure:  yes, I know that their decisions will be influenced by the data I give them, and half the time they will punt and say, “What are your recommendations?“)  But I really do see my role as a holistic sort of regulatory-and-risk IT person who ends up in the boardroom more often than others because the issues bring me there.

 

Posted by shrdlu on Friday, November 03, 2006
(1) CommentsPermalink blogmarks Favicon del.icio.us Favicon Digg Favicon Fark Favicon Furl Favicon Google Bookmarks Favicon StumbleUpon Favicon Technorati Favicon TailRank Favicon
Page 1 of 1 pages