A Security Officer’s Playbook

by John G. Laskey
Oct. 7, 2017 INFOSEC Institute

I’ve been writing some pieces for InfoSec Review about my past work in information security management and assurance within the British government. Although working in Whitehall meant taking responsibility for valuable state data, I have emphasized throughout that the principles of protective security are universal, and that lessons I learnt there can be usefully adapted anywhere. Working for government has its privileges, but the institution is not markedly different from big corporations or, in the day-to-day running of many of its services, smaller organizations. As I have said, one big difference – which I did my best to make smaller – is the attitude to risk management. Governments do not want to be embarrassed, because the stakes of a dent in their reputation are bigger than simple product or contract competitiveness. Governments risk losing credibility and, at the furthest extreme, their power if they are seen to mishandle things the electorate consider important.