Quoting ZDNet: The average security team has a reputation of saying "no" to everything. This could come down to two things - training and leadership. |
ZDNet
|
| Reply Subscribe |
Sep 6th 2016 2 years ago |
| The best way to manage perception on this issue is to allow the business to understand the risk of saying 'yes'. If they accept the risks because the business can afford the consequences, then often a "yes" is applicable with some conditions or at a minimum a declaration that risks are acknowledged and accepted. |
Kevin Shortt 81 Posts ISC Handler |
| Reply Quote |
Sep 6th 2016 2 years ago |
|
A good friend once told me that as an industry, we need to change our NO to a KNOW. By knowing the desires of our business areas, we can stop being perceived as the "no police" if our first response to a new idea is anything but a NO. The very worst thing that could happen is that the business areas stop inviting us into their conversations. Russell |
Russell 94 Posts ISC Handler |
| Reply Quote |
Mar 26th 2017 1 year ago |
| thank you |
Nokta 3 Posts |
| Reply Quote |
Mar 26th 2017 1 year ago |
| This is a constant challenge in our industry. How many security practitioners have been asked to stay away from project planning meetings because we reject everything. I agree that going from "no" to "know" is a good attitude to take on, and make sure that our op/dev folks, PMs, and business leaders understand that when we say "no," we're actually saying "not like that" (most of the time). |
Anonymous |
| Reply Quote |
Jun 15th 2017 1 year ago |
Sign Up for Free or Log In to start participating in the conversation!
