Trite, insipid and banal. I agree that a holistic approach is needed and because of that a 'platform' is only part of the remedy. Apart from stating the obvious, the approach advocated here actually amounts to a view of information security which is curiously not holistic. As is usual, there is no mention of any process involved in information security simply a thinly veiled entreat to buy the snake oil and all will be well. Reader beware if devices are all that is mentioned then question the writers motives.
I would urge investigation of ISO27001 for any organisation. This will give you a framework. The risk analysis process will tell you what you are trying to protect and from what. The business owns the risk and if they accept it your job is done. If mitigation is mandated then you can look for 'platforms' and processes that fulfil your requirement. If your approach is rigourous then you will reduce the risk to an acceptable level for all parties concerned.
Of course, the success of the above relies heavily on skilled technical security professionals capable of acurately identifying threats, vulnerabilities and effective mitigation tactics.
In short, I would rather "blend" the above solution than concentrate on a bunch of boxes stitched together like 'Buffalo Bill' on a Saturday night.
Slashdot Mirror
I hear the Chinese are looking for a new vendor...
Trite, insipid and banal. I agree that a holistic approach is needed and because of that a 'platform' is only part of the remedy. Apart from stating the obvious, the approach advocated here actually amounts to a view of information security which is curiously not holistic. As is usual, there is no mention of any process involved in information security simply a thinly veiled entreat to buy the snake oil and all will be well. Reader beware if devices are all that is mentioned then question the writers motives.
I would urge investigation of ISO27001 for any organisation. This will give you a framework. The risk analysis process will tell you what you are trying to protect and from what. The business owns the risk and if they accept it your job is done. If mitigation is mandated then you can look for 'platforms' and processes that fulfil your requirement. If your approach is rigourous then you will reduce the risk to an acceptable level for all parties concerned.
Of course, the success of the above relies heavily on skilled technical security professionals capable of acurately identifying threats, vulnerabilities and effective mitigation tactics.
In short, I would rather "blend" the above solution than concentrate on a bunch of boxes stitched together like 'Buffalo Bill' on a Saturday night.
Nah, being in a "minimally conscious state" means they were able to put him to work as a hospital administrator.