Tom Olzak

Posts Tagged ‘outcomes’

It’s all about business outcomes

In Business Continuity, Project Management, Risk Management, Security Management on April 13, 2009 at 13:57

Interesting stuff in a Kaspersky threatpost.com editorial

Across the variety of orientations which exist within security, outcomes are what counts. Some examples:

  • Compliance officers want to keep the CEO out of jail. All the process in the world is useful because when they’re not, they can talk about their plans for correcting that.
  • Applied Researchers ask “did you pwn it?” They’re concerned with testing a hypothesis, which is “this system resists this type of attack”
  • Law enforcement wants to catch the bad guy (or gal). Much of the friction between civil libertarians and law enforcement comes from a conflict about prioritization of goals.

We’ve focused on process because we have so little data on outcomes. People will talk about their training processes. But when you ask them, did that process work? no one wants to say.

Source: Security is about outcomes, not about process, Adam Shostack, 13 April 2009

Read the rest of this entry »

%d bloggers like this: