As the saying goes, “security depends 30% on technology and 70% on management.” Most important to a company’s security is the outcome. Although the plan can seem wonderful, it still needs to be inspected for its effectiveness.
As mentioned in Chapter 1, “Our World View of Security,” security is a continuous process. And the aim of security operations is to be a continuous process. A healthy company should depend on security operations to be threat free.
How do Internet companies create their own security blueprint? Speaking from a strategic viewpoint, Aberdeen Group mentioned three phrases: find and fix, defend and defer, and secure at the source (Figure 18.1).