Security and the Tao of the Organization
Sat, 2009-09-26 03:15

The military is a great matter of the state.
It is the ground of death and life,
The Tao of survival or extinction.
One cannot but examine it.

- Sun Tzu

When Sun Tzu wrote The Art of War, he was concerned with the organization and disposition of military units.  In his day, as in ours, the military was a tool for the accomplishment of political goals.  In our role as security professionals, we serve to further the goals of organizations that fight on a competitive battlefield.

Some of us are “foot soldiers”, fulfilling operational roles critical to the daily functioning of the company.  Others are the leaders – managers, CIOs, CISOs – who coordinate the tactics that realize strategic aims set by the sovereign.  While this hierarchy is common, the organizational Tao influences the way these elements are orchestrated.

According to Sun Tzu, the Tao is the Way – the context that defines how actions are perceived and valued.  In a business context, corporate values and culture define the Tao.  The success of any strategy depends on how it is supported by the Tao. 

Why does culture matter when it comes to security?  Is it not enough to expect compliance with published policies and procedures?  An August 2009 interview with Wharton University’s Andrea M. Matwyshyn shows that the inculcation of a security mind-set is required to deal with evolving threats.  Additionally, an understanding of corporate culture enables the creation of effective security training.

It is important that a security program have the support of management.  However, the management team must be able to accurately assess the program in the context of the company’s cultural and political reality.  Failure to do this will inevitably create a clash between strategic security plans and the operational activities that enable that vision.

 

Reader Feedback
Tue, 2009-09-29 11:21
Different Applications
By Anonymous

The Art of War was about physical warfare. Cyber-war has a different nature. At the least, cyber-war is much more intangible. Your quotation is mainly on the danger of making a decision to go to war. Once they go to war, both sides are bad guys for killing people.

Sun Tzu laid down a ten-to-one ratio; that is, it takes 10 times the force to crack a defense. However, in cyber-war, one hacker can DDoS the whole internet.

Anyway, knowing your enemy is the basic principle of the HoneyNet project.
