Security Word of the Day: Compromise

Living in Washington DC, many of my friends and acquaintances work for the federal government in some capacity. And not all of these people are in IT. When you live in this area, politics seem to permeate everything, making House of Cards seem more like reality television than fiction.

I know a former congressional staff member and when we run into each other, inevitably our conversations turn to the current state of the federal government. It’s obligatory here, sort of like chatting about the weather anywhere else. Recently she made the point that recent problems with government shutdowns and standoffs could be attributed to one major problem: confusing compromise with capitulation. The government only works when both sides are willing to negotiate and unsophisticated, inexperienced politicians generally fail to differentiate between the two concepts, causing no end of problems.

I realized this is also a major problem with many information security professionals. At least 50% of our work is focused on discussing and negotiating risk. Does Operations really need to apply that emergency patch to all 2500 servers today to mitigate the latest threat? Is there an active exploit? What about the risk of service interruption? Can it be done in phases?

Often, our relationship to the organization turns into a WWE Main EventInformation Security vs. the Business. But like effective politicians (no, it’s not always an oxymoron),  good security professionals pick their battles, living to fight another day. Compromise is not the same as capitulation and it doesn’t mean we’ve surrendered to the Dark Side when we work with the business to build reasonable timelines for remediating risk.

patching

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: