This will be my last entry on the topic for a while. For context, I introduced the idea that folks don’t care about security, they care about outcomes in this post; and then I began exploring ways we, as IT practitioners, can shift the focus to the results and therefore contextualize the actions needed as something other than “security for the sake of security.” In this post, I’m continuing with that line of discussion. What can we DO to make our environments more secure, and how can we get our colleagues to understand and want to do it?
Focus on Actual Risks and Realistic Outcomes
(or: Don’t let “perfect” be the enemy of “good”)
This article has been indexed from DZone Security Zone