[ISM3 Users] Tuesday Insight: Environments
Steve Attias/NYLIC
Steve_Attias at newyorklife.com
Fri Jul 13 12:41:26 CEST 2007
Sign me up for Anthony's POV.
InfoSec often feels it is overly important. Business exists to fulfill its mission. We need to use resources effectively to make "good enough" decisions. That may vary for each business environment. But the 80/20 rule is a decent place to start. If I can get 80% of the benefit for analyzing 20% of the "assets" - that may be plenty good for the business to make a wise decision.
And I think its important to collect data that others can use, or reuse data others have already collected.
Hence my caution to my infosec team to avoid yet another scanning engine - use the data from the network folks, or the asset folk, or the finance folks....
More information about the Users
mailing list