IT security professionals’ effectiveness in an organization is influenced not only by how usable their security management tools are but also by how well the organization’s security management model (SMM) fits. Finding the right SMM is critical but can be challenging — trade-offs are inherent to each approach but their implications aren’t always clear. The authors present a case study of one academic institution that created a centralized security team but disbanded it in favor of a more distributed approach three years later. They contrast these experiences with expectations from industry standards.
↧