Monday, February 15, 2010

Introduction to Governance, First of a Series

Governance is the foundation that effective security is built on. It’s a big word for a common-sense idea: things work better if you know what you’re trying to do and how you’re willing to do it than if life is an endless flailing reaction to whatever the latest situation drops in your lap. Boy Scouts have been telling people to “be prepared” for a long time.

If it’s such an easy idea, why do so many people get it wrong, in their personal lives and in business?

The lights come on, the set is down, the curtains float away...

People already blog about information security – just look at my short but growing blog roll. Does the world really need one more? I think so, and my inaugural post is to make the case for it.

Information Security is big business. The U.S. federal government alone spent 7.1 billion dollars on it in 2009, and private industry dropped a pretty penny on it as well. The headlines regularly show the cost of not getting it right, literally and figuratively. Companies appoint executives, staff departments, allocate budgets, and do all the other things that businesses do in order to secure their computing. I should know – it’s kept me employed full time for most of my adult life.

And yet, the headlines keep coming.