Strategy for Breakfast: The Hidden Power of Security Culture
For an industry that is so grounded in engineering and technology, information security can appear quite unscientific to those outside of the field. Your organization’s information security team can probably inundate you with reams of data about security operations and posture, including product performance benchmarks, security event logs, patches applied, and events counted. But the industry struggles to satisfactorily answer the question of why one organization’s security strategy seems to protect the organization, while another’s efforts fail miserably. It’s almost like fate or the wrath of the gods is involved. We seem to know everything about how information security ...