This blog is not about the security topic de jour but rather about a context and perspective in which to view and respond to the events of the day. It is about:
Rules and Tools
It responds to my observation that security is a space in which intuition and good intentions do not serve us well and in which rational thinking is difficult. There are many variables, some of which are un-identified. Even for the identified variables, the range of possible values, much less the exact or current value, may be unknown, or even unknowable. So, this blog will stress making hard decisions in the face of uncertainty.
Bill Murray is a management consultant and trainer in Information Assurance specializing in policy, governance, and applications. He is Certified Information Security Professional (CISSP) and chairman of the Governance and Professional Practices committees of (ISC)2, the certifying body,
He has more than fifty years experience in information technology and more than forty years in security. During more than twenty-five years with IBM his management responsibilities included development of access control programs, advising IBM customers on security, and the articulation of the IBM security product plan. He is the author of the IBM publication Information System Security Controls and Procedures.
He has been recognized as a founder of the systems audit field and by Information Security Magazine as a Pioneer in Computer Security. In 1999 he was elected a Distinguished Fellow of the Information System Security Association. In 2007 he received the Harold F. Tipton Award in recognition of his lifetime achievement and contribution. In 2016 he was inducted into the National Cyber Security Hall of Fame. In 2018 he was elected a Fellow of (ISC)^2.