04 Sep 2012

Seven Habits of Highly Effective Security Plans [Part 5]

Stephen R. Covey died on July 16, 2012. This is sad news indeed. I really liked his 7 habits work. It was (like ISO27002 and the like) a good framework but not a good standard. And therein lies its power. It is like powdered milk – without adding something, you have nothing. I took the 7 habits and started (5 years ago!) to make a series called the 7 habits of highly effective security policies.

I got stuck at habit 3. I honestly have tried over the last 5 years to write a blog post that is acceptable to my standards on habit 3 but now that I reflect on it, it’s a good thing that this one is the most difficult. It is also the one that everyone should define for themselves. I believe this is the core habit and while the other habits are easy to adopt with practice, this one needs to be revisited often. It can’t become a habit. So, I am leaving this one out for the readers to do for themselves.

The only advice I can offer here is that as a security professional you will always have something urgent to deal with. You will always be reacting to the latest exploit in the news, the latest report from the auditors, the latest breach. There are new virus definitions every day and new patches every month. You are always reacting. You have to set some time aside for proactive security. For acting. How you do that is up to you but it has to happen.

I may revisit habit 3 in future but for now that is all you get…

Moving along…habit 4.
