Page 12 - CISSO_Prep_ Guide
This book is not intended to teach all the practical steps a
security practitioner must follow or teach how to use various
tools. This book is designed for the security professional, the
manager, the person responsible for setting up, managing,
operating, and reporting on security and taking a leadership role
in protecting the organization. As you read this book, please pay
attention to the concepts behind the examples, not just the cases
themselves. Try to apply the concepts covered to your real-world
situations; challenge your current beliefs, and consider all
the angles and approaches used by other professionals in the
field. As we should all know, there is no one perfect way to
solve every security challenge and no way to ensure that the
answers we used yesterday will be useful in the future.
The Relationship between Security, Engineering, and Architecture
The first area a security manager must understand is the
relationship between Security, Engineering, and Architecture.
Security management requires a combination of skills and an
integrated approach to building a security system that can
withstand the attacks it will face. This involves the use of
technology, but technology itself is not enough. Technology must
be used in the right way, by people who have been trained in its
use, and supported by all the other elements of the complete
security framework. Knowing the way to design (architecture),
build (engineering), and maintain a security framework that
balances security requirements with business objectives is the
critical attribute of security management professionals.
The security professional must be able to quickly adapt to
changing threats and be flexible enough to accommodate new