Improper Control #2

By cliangNo Comments
The detection should be deployed on the "risky" lane at junction Technical control is just one of the security measures. There are much surrounding elements to take care in order to secure. This includes but not limited to: Understand the security objectiveDesign with optimal controlsDeploy with the viable measures (be it technical, administrative or management controls)Verify if controls are deployed per designSustain the effectiveness of the controls Most often, security practitioners are focusing on technical controls with micro management. They forget the bigger picture where the technology stands in the entire business landscape. ...
Read More

Policy Making

By cliangNo Comments
For certain job roles of cybersecurity practitioners, policy making is necessary as a foundation in running the business securely to a reasonably degree. While doing so, we must fully understand the business objectives, operating environment and intended business outcomes taking text book knowledge as a reference rather than blindly applying. Where necessary, suitable qualifier or elaboration is required to enhance clarity. Example is personal privacy. The data subject must be a living individual shall have differentiated the situation in real life. Without this, it is impossible and impractical to enforce by replacing all the tombstone around the globe. ...
Read More