Understanding the Business
Security professionals have preached for some time about the importance of understanding the business when constructing a security program. One of my esteemed colleagues has even been quoted as saying that CISOs should "stop fiddling with the firewalls and go talk to the business" -- a sentiment with which I could not agree more. There's no secret to obtaining business knowledge, folks. Often it is merely a matter of making the effort. Here are a few approaches that I hav