“Security? It’s not in the scope of the project!”

It’s been a while, longer than I like to admit, since I last posted. I suspect I’ve been befallen like many others…staying up late at night to watch the Olympics. I’ve enjoyed them more this year for some reason than in years past. Maybe I have a greater appreciation for the amount of work it takes these athletes to prepare for competition. And it’s heartbreaking when they make a mistake and know it. They continue on even when they recognize their dream of medals is over.

I think INFOSEC could be like the Olympics. In fact, I wish we had a national day, week, or month for conducting security checks or furthering awareness. Maybe I’ll take that up. I know I’ve been involved in preparing our company for meeting PCI compliance, though not as involved as many others. That is like getting ready for an Olympics. There will be many personal rewards and I’m sure some frustration. Yet, when I sit back and think about INFOSEC, I realize it is something I take for granted. But how can we get other people to start believing in security to the point it is second nature as part of their jobs?

I heard of a story today that astounded me. A project team has been moving along on their work. When their documents were reviewed, it was noticed that security was not mentioned. When asked about it, their response was, "Security is not in the scope of this project!" Wow. How do you respond to that? It startles my imagination to think this mentality still exists out there. I just want to scream, "COME ON PEOPLE, GET IN THE GAME. SECURITY IS HERE TO STAY!" In fact, security may actually help the project succeed, especially when there won’t be any launch delays for the project to retool security measures into it.

Information Security can be a value-add to any project. Yet there are people who don’t understand security and continue to see it as an impediment to time, resources, and cost. If security professionals are involved during the life of the project, architecture details may be caught and resolved right then and there. Why would that be a hindrance?

In the end, I’ll keep plugging along and doing my best to educate, educate, educate. But, just imagine if our proud gymnast Olympians had said daily exercise wasn’t in the scope of their training.


Jeff Evenson

Jeff is Chief Blogger for Security Friction, writing about the security issues that seem to always have some rough edges when being considered for implementation or integration. Jeff retired from the US Navy as a Chief Cryptologist and worked in the wireless telecommunications and financial sectors. Jeff has spoken at the local college and various community groups.

