I recently participated in Computerworld Malaysia's security forum where local vendors and companies discussed enterprise security issues. It was an excellent opportunity to exchange ideas and views, and what I found most interesting overall was that with such diversity of participants, we agreed on fundamental principals together. For example:-

  • Security is a process more than anything else
  • Security is an ongoing process and ever-evolving process
  • Good people with education and training form the basis for realizing a secure environment
  • Executive sponsorship and direction make secure environments happen, not just keen IT security professionals working in organisational isolation etc.. etc..

I wasn't entirely happy with my quote, since it was paraphrased for "clarity", but nonetheless I was happy to be invited by Computerworld and also to exchange views with my customers and peers.