Wednesday, May 11, 2011

The Audit




More Security Strips

5 comments:

  1. Excellent capture of the essence of leadership's approach to Security. If there were no regulators insisting on security compliance by audits, most of us (security professionals) may have to find an alternate career :-).
    When will business leadership mature and treat security as an integral part of the business strategy?

    ReplyDelete
  2. Information security is not about policies and processes. Its about a mindset. Its a way of life. Its all about change management. Unless the employee genuinely believs in the concept with a sense of belonging - the comic strip above will continue to echo the majority approach to Audits

    ReplyDelete
  3. Information Security is all about practice. We generally pull our socks at the time of Audits which leads to disappointment at times. I will go with Manish that its a mindset. we all should adopt it. As a practitioner, we should take it seriously. It was a nice representation Lucius.

    ReplyDelete
  4. I agree with Manish that it is a mindset. It's not a complete mindset change, but a small portion. If every employee/associate contribute that small portion to information security or just security in general, the security practiitioners efforts would be easier. My firm philosophy is that it is truly about education. Education, practice, test and re-deducate.

    ReplyDelete
  5. Nicely projected the true scenario of Enterprise. On top of that enterprise tries to wash away the unwanted noncompliant processes and objects.
    The question is are we performing audits just for the sake of Compliance standard or are we really looking for streamlined enterprise operation.

    ReplyDelete