Introduction to The Dude Says, Episode 001

Introductory episode to The Dude Says, where I share my background and what I’m working on.

GIAC GCCC #242

Standardize Your Security In An Agile Culture

Thoughts on Information Security and Risk Management in an Agile Culture

Narrated slidedeck from a presentation given at the Chattanooga chapter of ISSA.

In keeping with the Ides of March timing of the presentation, I chose to model my analogy to include references to Julius Caesar and Mark Antony.

Information Security Costs May Be Delayed But At What Price

[S]oftware solutions delivered to market cost money. Secure software solutions, or products and services with a critical dependency on secure software solutions, cost more money. Hospira is finding this out with its older medical pumps in the Symbiq line.

[Image: an examination room at a doctor's office. Copyright Rob Byron, licensed via Fotolia.com, image #4187103]

Delivery IS Business

[Image: flower shop owner. Royalty-free image licensed via Fotolia.com]

[W]hether your business’ core competencies involve products, services or legally binding promises, delivery is a measuring stick that’s used to evaluate you.

Do you deliver what customers want ahead of the industry? Do you deliver it better or cheaper? Do you deliver a different experience; are you a boutique for your industry?

What is Compliance?

I read and hear the term “compliance” used liberally in infosec, often without a clear context.

The graphic above is intended to illustrate some of the business drivers behind compliance: statutory laws, regulatory agencies (e.g. GAO's HIPAA), industry-imposed requirements (e.g. PCI DSS), and customers' and shareholders' expectations (some of which are legally and contractually required).