Logical Cybersecurity
Logical Cybersecurity is about finding the right balance between security and convenience (i.e. operability) while keeping in mind an organization's or person's risk appetite and pain threshold. This is the approach we take, because we know two things are true.
If security becomes too inconvenient (or too difficult) for people, especially those in IT (server admins, developers, help desk personnel, etc.), they will find ways around security configurations and safeguards to "get things done."
If security becomes too inconvenient for an organization’s customers, they will do business elsewhere.
These ramifications make the job of an information security professional difficult and challenging, but they can also make it very rewarding. Finding the balance that keeps everyone, from our customers to our IT staff to our board of directors and legal department, satisfied while still protecting the assets in our control is a great accomplishment, and it is what every information security professional should be striving for.
As security professionals, it is important for us to make rational decisions when implementing new policies, procedures, security measures, etc. We like to think of this process as implementing "logical cybersecurity". We must always remember to "put ourselves in their shoes" when collaborating with our internal and external customers. We have to understand that infrastructure personnel (developers, network engineers, help desk, server admins, etc.) are primarily focused on availability and ease of use. We must keep in mind that sales personnel are focused on making sales, and any impact to them could result in lost revenue for the company and reflect extremely unfavorably on the infosec team. Our primary responsibility is the security and protection of everyone's data, but we must understand that the business is here to make a profit. Making things too inconvenient for internal personnel or external customers will result in negative consequences. Those consequences could impact profits and/or brand loyalty, but they will most certainly impact the company's information security practices and team in a variety of ways, from unsanctioned workarounds to lost support for the security program. As discussed on the Home page, we are hoping we can help others through the information contained on this website.
Contributors
James Owens (founder): Has over 28 years of IT experience (as of 2020), including over 8 years in the U.S. Navy. He has worked for various government agencies, government contractors, large retailers, financial institutions and several start-ups. He has held many diverse roles, including SOC manager, compliance manager, incident response lead, risk management, information security engineer/architect, GRC analyst, SOC analyst, fraud analyst, project lead, system engineer, system administrator, network engineer and SharePoint designer. James loves to mentor others and is passionate about security awareness training and helping organizations build a great security program.