THE FOG OF DATA SECURITY

Removing the fogA foggy day can create visual sightings that can look uncanny or unrealistic.  Only a little sunlight and passing of time will give an exact picture of what initially looked unreal.  As time lapses, nature provides elements to affect how you can solve this visual mystery.  Engineering maintenance or design efforts need similar clarity to refine systems analysis and requirements issues.  The first phase of engineering projects has a variety of analysis issues to mitigate before you can make major progress. 

An effective “risk analysis and assessment” is the first step to identifying and refining an organization’s key assets.  An organization is composed of stakeholders from different departments and skill sets, so composing a team of specialized resources is necessary to compile a robust list of assets.  However, organization management at the highest level have to confirm and prioritize security of assets identified by stakeholders.  A security professional can help identify a level of assurance to protect an organization’s assets (i.e., the systems architecture, constraints, and design can meet business compliance requirements) and allow decision-makers to grant an authorization to proceed.  Security engineering of controls and countermeasures is impossible if the key assets are not identified properly. 

There are several layers of security processes and procedures needed to implement a secure organizational environment, an effective assessment will help streamline those goals and properly protect assets.  In an age of when hacking and cyber crimes are the norm, a “defense-in-depth”  strategy (e.g., layers – physical and logical) is needed for any public facing computer system.