Escalating security threats over the past two decades have spawned a whole new technology industry and a rapidly expanding knowledge domain. While new information, skills and techniques are required to meet these threats, do we really need to invent new technology and management control approaches? Or are we just reinventing the wheel...again?

Petty infighting among interest groups and blatant opportunism have created an entire sector of the technology industry that promotes costly security technology services and solutions through fear and disinformation. Executives and professionals have to see through that smoke screen and use common sense to guide them to the right decisions concerning just how much their business depends on bullet-proof security, just how much to invest in commercial security solutions--and most importantly, just how much these solutions differ from the solutions and processes they already have in place.
Each new threat potentially requires new solutions, but those instances are rare. As sage security luminary Bruce Schneier puts it, "there is nothing new under the sun." Most threats, when investigated and classified, fall into known security categories that can be addressed using existing controls frameworks. In other words, in 9 out of 10 cases we already know what to do and have in place the infrastructure to do it.
We already know what to do because security is not a new problem area. Security has been a concern in the information industry since the first computer was built to house proprietary information. Security is nothing more than a common quality attribute of technology systems and a business risk. We already have in place mechanisms to deal with quality assurance and risk management--and these can be leveraged to help address the security problem.
Security can be dealt with effectively on technology projects, using your quality assurance and risk management infrastructures. You simply prioritize security higher on projects, during the procurement process, and on implementations. The problem is that this assumes the organization already places high value on quality assurance and risk management. Our tendency to address security as a separate enterprise problem is chiefly because most companies have prioritized quality and risk analysis low on technology projects.
Companies have a choice: either fund costly security solutions, or else prioritize security higher on technology projects and in making technology decisions. The latter approach leverages investments already made in your quality assurance and risk management programs and avoids unnecessary security investment costs.
(c) 2005 Bar Biszick-Lockwood/QualityIT