The worst part about deciding to start a new blog is determining which topic you want to discuss next (at least in my opinion… so far). I started a list of things that I knew I wanted to bring up, and of course RISK was one of them… how could it not be? It is what I talk about on a daily basis. I consistently stress the importance of understanding the risk associated with everything. But as I was doing my job, I came upon a blog regarding risk and it hit me… of course risk is important, but what about the trust?
Isn’t trust the cornerstone of risk? Isn’t it necessary to trust your data in order to establish your risk level? How do we do that? I am not talking about PKI; I am talking about trust in the collection of the data and trust in the classification. Collection and classification are done by software and people, and we have to trust both of them. We have to trust that the software is doing its job and that it never stops. The same goes for people… we have to trust that they are doing their job and never stop. The minute that either one of these fails, or worse, both of them fail, our risk increases drastically… our whole foundation is rocked (wait, am I still talking about technology?).
Now in actuality, it is a vicious cycle, mostly because everything is dependent on something else. We do have to trust the software and the people, and the level of trust MUST be factored into the risk level. You trust someone more because they have proven to do what they say, and therefore your risk goes down. They screw up once and risk goes up… it is almost like security is mimicking life. You need to build up trust with everything… with products, people, customers, data, etc. If you cannot trust these aspects, you cannot do any security within any setting. Trust is a cornerstone of security. I am still going to push the “risk factor” but I think I have a new slide for my deck…
#1 by vTexan on January 6, 2011 - 18:38
WOW – Great job!! I can’t wait to read more of your posts!!