Logical Cybersecurity

Logical Cybersecurity is about finding the right balance between security and convenience (i.e. operability) while also keeping in mind an organization’s or person’s risk appetite and pain threshold. This is the approach we take, because we know these two things are true.

If security becomes too inconvenient (or too difficult) for people, especially those in IT (server admins, developers, help desk personnel, etc.), they will find ways around security configurations and safeguards to "get things done."
If security becomes too inconvenient for an organization’s customers, they will do business elsewhere.

These ramifications make the job of an information security professional difficult and challenging, but can also make it very rewarding as well. Finding the right balance to make everyone from our customers, to our IT staff, to our board of directors and legal department happy, while also protecting the assets in our control, is a great accomplishment and is what every information security professional should be striving for.

As security professionals, it is important for us to make rational decisions when implementing new policies, procedures, security measures, etc. We like to think of this process as implementing "logical cybersecurity". We must always remember to “put ourselves in their shoes” when collaborating with our internal and external customers. We have to understand infrastructure personnel (developers, network engineers, help desk, server admins, etc.) are primarily focused on availability and ease of use. We must keep in mind sales personnel are focused on making sales and any impact to them could result in lost revenue for the company and look extremely unfavorable on the infosec team. Our primary responsibility is the security and protection of everyone’s data, but we must understand the business is here to make a profit. Making things too inconvenient for internal personnel or external customers will result in negative actions. Those actions could impact profits and/or brand loyalty, but they will most certainly impact the company's information security methods and team in a variety of ways. As discussed on the Home page, we are hoping we can help others through the information contained on the website.

Contributors

James Owens (founder): Has over 28 years of IT experience (as of 2020) to include over 8 years in the U.S. Navy. He has worked for various government agencies, government contractors, large retailers, financial institutions and several start-ups. He has performed in many diverse roles to include SOC manager, Compliance manager, incident response lead, risk management, information security engineer/architect, GRC analyst, SOC analyst, fraud analyst, project lead, system engineer, system administrator, network engineer as well as a SharePoint designer. James loves to mentor others and is passionate about security awareness training and helping organizations build a great security program.

Disclaimer

All opinions, recommendations, etc. expressed are solely my own and do not represent those of my employers, customers, co-workers, friends, family, etc. Please remember technology, techniques, and products change rapidly, so opinions, recommendations and/or posts could change or become obsolete/outdated. Website authors and contributors are not responsible for any damages or problems caused due to implementing any recommendations or code provided. Therefore it is recommended to consult a professional prior to implementing any hardware or software changes. Lastly, any recommendations, examples, or code listed on the website must not be used for illegal activities.

Logical Cybersecurity

Logical Cybersecurity

How We Got Here

Logical Cybersecurity

Logical Cybersecurity

Contributors