A Story of DevOps >>Episode 9. Kryptonite (DevOps Anti-Patterns)
Do you know that as Superman’s powers are destroyed by Kryptonite, DevOps powers are destroyed by Anti-Patterns – read on.
Category: Information Security
Why are we still talking about the reporting line of the CISO?
Why are so many organisations and security professionals still worried about the reporting line of the CISO? This is one of the oldest and most consistent debate agitating the security industry, and it looks far from resolved. It has been polluted for decades by arbitrary and simplistic views on “separation of duties” and alleged “conflicts of interest”. But those views often come from sectors of the corporate spectrum with a fairly theoretical idea on how an organisation should operate, and rarely reflect the reality of how large organisations function.
The tenure of the CISO is key to driving security transformation
Surveys suggest that the average tenure in a CISO position is around 2 years. Nothing will change until the profile of the CISO is raised and they start to see their role over the mid to long-term
To Delete Or Not To Delete — That Is The Question
There seems to be confusion in corporate America about whether or not to delete data. On one hand, there are legal departments that advise keeping everything forever, and on the other are those that recommend deleting everything as a matter of policy as soon as possible — whacking away at files and folders on your file servers like a drunk landscaper whirling a weed whacker around your yard. Meanwhile, IT is stuck in the middle trying to develop and engineer systems to enforce ever-changing data retention policies.
