Security friction isn’t always the by-product of a security control or that control’s configuration.
The control was planned to achieve some sort of objective. That
objective went through some sort of communication process.
That control was implemented and went through some sort of communication process.
The teams communicate as part of their broader engagement.
Was the communication effective?
Are you sure they even communicated at all?
When security friction is identified, there's also value in examining the underlying communications between the teams. Look beyond just this particular control.
The good news is that fixing a communication problem spans controls. A process change that fix future controls.
But today's friction came from somewhere. Perhaps even the cyber security team.
The good news is that fixing a communication problem spans controls. A process change that fix future controls.
But today's friction came from somewhere. Perhaps even the cyber security team.
So, is it the security control or the
communication?
Follow me on Twitter for discussion and the latest blog updates: @Opinionatedsec1
SEE ALSO
The Cloud Security Automation Realization
The Training Conference Underestimation
The Privileges Paradox
Follow me on Twitter for discussion and the latest blog updates: @Opinionatedsec1
SEE ALSO
The Cloud Security Automation Realization
The Training Conference Underestimation
The Privileges Paradox
No comments:
Post a Comment