Читать книгу The Security Culture Playbook - Perry Carpenter - Страница 15

Management is efficiency in climbing the ladder of success; leadership determines whether the ladder is leaning against the right wall.

Stephen Covey

Let's be honest—no organization will ever be fully secure. Security is a management process. It's the process of managing all the risks and threats that arise minute by minute, hour by hour, and day by day. You are never done. You can be more secure than you were yesterday, but you never arrive. You're always a zero-day threat, misconfiguration, or employee-related incident away from being less secure than you were just a minute ago.

This is a critical concept for organizational leaders and their boards of directors. So, if you are one of those leaders, or if you have influence over one of those leaders, read on. This chapter will serve as an overview of why security culture and your human-layer defenses deserve attention at the highest levels of your organization. And, while we don't want to be fear mongers or party killers, we will also briefly discuss the cost of ignoring your security culture or taking it for granted. Lastly, we'll point you to some valuable resources that you can begin using right away.