Defining Security

A great post from W. Mark Brooks asks: when did Information Security become IT Security? The point is very much in line with my triangle theory, that security is the pinnacle of IT and requires mastering the lower levels first. Though, to counter the ITS vs IS argument, I posted that IA is the more appropriate name. Post below: I prefer the military nomenclature of Information Assurance. I have carried it over to the commercial world and make sure all my security types carry that title now. I like the definition and what it means: ...

August 29, 2009 · 1 min · Nick

Legacy in the IT/IA Community

Information technology and assurance are both commonly seen as negative costs in a budget. Deploying a new or replacement server is seen as a “sunk” cost for very little gain. In the same vein, implementing costly security packages before an attack seems imprudent. “We haven’t had security issues thus far” is a slogan to be plastered on the side of Silicon Valley. Sticking with legacy platforms and code bases to dodge the upgrade bullet only serves to hit you with cost later down the road. As a good friend of mine, Marc, states, “plan to do it right first or plan on doing it again later.” ...

May 22, 2009 · 4 min · Nick