quality, security, delay, audit, review, fix, reputation, safety
HOME
PAGE
MEMBER RESOURCES
ABOUT US
FORUMS
PARTNERS
PRODUCTS & SERVICES
FREE RESOURCES
LOGIN
HERE
JOIN
NOW!
You are not logged in. Access is limited. Login or see membership information. • Streetwise Security Zone Community

To see the list of all blogs, including Scott Wright's Security Views Blog and the Streetwise Security Zone Podcast click HERE. You also can subscribe via an RSS reader, or check the "Watch This" box in the left column to receive news by email of new articles.


Watch this Blog Notify me by e-mail any time a new post is made to this blog.

Scott Wright's editorials on a variety of security issues for non-technical business managers and home computer users. Please feel free to comment and help spread the word that managers need to think about their information security risks.

The Virus Time Machine (e-Book)
Product ID: 00000007

... What You Need to Know (and Wish You Knew Before) About Removing Virus and Malware Infections Before you start down the path of trying to fix a virus infection on your computer, you should really understand what's invol ... More »

Non-Member Price: $4.99

November 2009 Posts

Archives
  Scott Wright's Security Views
Blog Entry

Putting off a security review or internal audit because you might find a problem?

Saturday, November 28th 2009 @ 12:38 AM (not yet rated)    post viewed 1272 times

Imagine you're going to buy a car. Would you rather buy one from a manufacturer that has a good record for quality, reliability and safety, or from one that has a poor record, or worse, no data they can point to that shows they did any testing at all? Of course, you want the one that can show you their record on how well the car will perform.

When your clients buy products or services from you, why would they be thinking any differently than you were when considering buying a car? But the reason for doing the testing is not so much to be able to differentiate you from the competition - although it won't hurt. The reason to do the testing is so you can find out about any problems BEFORE your customers - or the industry reviewers - discover them, and you have to do damage control.

Increasingly security is becoming a quality issue. The more security issues you have, the more you will be seen as a poor quality shop. A reputation for poor quality takes a long time to fix.

The other thing to consider is that poor quality leads directly to poor security. In a large percentage of cases where security breaches occur in products, websites or business processes, it is because a quality process failed to ensure that everything was being designed, put together or processed properly.

Would you buy your product or service based on it's quality reputation, which could also become its security reputation?

Or, do you think I'm crazy for constantly saying that security is an element of quality? Without one, it's hard to say you have the other, isn't it?

Don't put off doing security testing or reviews, just because you're afraid you might find something that needs to be fixed. It's a lot cheaper and easier to fix now than later.

Would your organization be interested in obtaining the right to use my security awareness eLearning content or articles in your enterprise security program? Or would you like help with strategy, risk assessment, program development or training? Please call or email me at the coordinates below...

Scott Wright

The Streetwise Security Coach

Join the Streetwise Security Zone at:
http://www.streetwise-security-zone.com/join.html

Phone: 1-613-693-0997
Email: scott@streetwise-security-zone.com
Twitter ID: http://www.twitter.com/streetsec

To receive weekly security tips and other notices about helpful content available on this site, please make sure you are on my list by clicking HERE, and entering your name and email address.

 

 

Site Meter

Web Analytics

 rate this post: very bad poor average good fantastic!
Comments