Friday, February 02, 2007
Important Questions for IT Security Professionals...
My peers in other enterprises are asking braindead questions regarding security when speaking with large analyst firms. This has the result of them keeping research very shallow within the security domain. Figured if my peers are going to learn anything about security, they may be better off skipping the large analyst firms and going straight to the blogosphere...
Maybe I could get Gunnar Peterson, Mark O'Neill or Matasano Chargen to noodle some questions? Never wanting to be accused of lumping all analysts into the same category, in the security space I also like Bob Blakley, Dan Blum, Nick Selby and Gerry Gebels, all of whom are highly credible, and I would be appreciative if they could all share their perspective on the following questions:
- What are security tools and technologies that all enterprise software projects need in order to establish a sustainable security posture?
- How should enterprise architects enhance their SDLC to include security activities?
- How should enterprise architecture teams measure their enterprise's progress in application security?
- What is the responsibility of business architects in helping folks determine the enterprise security agenda?
- What teams or roles should the enterprise create to address application security?
- Should application portfolio management tools track security? If so, which ones do the best job in this regard?
- What are best practices in terms of configuration and release management to ensure a secure deployment of software?
- What verbiage should enterprises start putting into their contracts with software vendors in order to procure secure software?
Hopefully, we can get others to participate in this discussion and share their own insights. Please respond via trackback...