Dominic Vogel, Chief Security Strategist, Cyber.SC
An article published by ISACA
Security professionals tend to have a penchant for making things more complicated than they need to be. But life and our work are complicated enough without us adding extra layers of needless complexity. When it comes to operating an effective enterprise security program, the old adage of “complexity being the enemy of security” really does ring true.
Many CIOs and CISOs are guilty of chasing the cool blinking lights of newer technologies and keep adding additional technologies to an already overburdened and poorly integrated security stack. Many enterprise security programs look like a scattered city of isolated Jenga towers. From a risk management perspective, the more complex the infrastructure, the harder it is to defend.
Balancing usability, security and complexity seems like a daunting task at times. Trying to do so on a daily basis costs many of us our sanity (think of Homer Simpson when he was forced to give up beer and TV!).
During one of my more salient moments, I came across a useful and applicable metaphor that security pros should heed when it comes to balancing that aforementioned unholy trinity…
Read the full article here.