Comments on: Power of Negotiation http://www.cutawaysecurity.com/blog/archives/137 Cutaway's Observations, Opinions, Rants, Raves, Tantrums, and Tirades Wed, 02 Jun 2010 22:30:56 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: www.andrewhay.ca » Suggested Blog Reading - Tuesday May 1st, 2007 http://www.cutawaysecurity.com/blog/archives/137/comment-page-1#comment-12876 www.andrewhay.ca » Suggested Blog Reading - Tuesday May 1st, 2007 Tue, 01 May 2007 16:03:45 +0000 http://www.cutawaysecurity.com/blog/archives/137#comment-12876 [...] Power of Negotiation - Insightful post. Spinning up a new security program is no easy feat. Neither is changing the direction of one that is already in place. One of the first things that everybody identifies as necessary is policy. Whenever the auditors come through and organization or department, documented policies are one of the first things they ask to review. But policies are one of the hardest things in security, or business for that matter, to generate and update. Heck, in comparison, ethics is easier than policies. In ethics, usually, when a person has to think about something then they are probably crossing the line. But with policies how much is enough and where does it start crossing the line. By line I am talking about things such as cost efficiency, individual privacy, and any number of other questionable subjects. [...] [...] Power of Negotiation – Insightful post. Spinning up a new security program is no easy feat. Neither is changing the direction of one that is already in place. One of the first things that everybody identifies as necessary is policy. Whenever the auditors come through and organization or department, documented policies are one of the first things they ask to review. But policies are one of the hardest things in security, or business for that matter, to generate and update. Heck, in comparison, ethics is easier than policies. In ethics, usually, when a person has to think about something then they are probably crossing the line. But with policies how much is enough and where does it start crossing the line. By line I am talking about things such as cost efficiency, individual privacy, and any number of other questionable subjects. [...]

]]>