Like the blind men in the picture, everyone has a different opinion on Information Security.
For Business Owners, trying to get things done and bring in the cash, Security can be a roadblock.
For Security Engineers and Architects, evaluating the risk of a project, Security can be an endless rabbit hole of possible hacks and exploits.
For Project Managers, fighting against timelines and delivery goals, Security issues can be a ticking time bomb.
For Lawyers, negotiating a deal, Security risks can be moderated through carefully chosen words.
Depending on which side of the Matterhorn you are on, and how fast you are trying to reach your goal, Security can be perceived to stifle innovation, impede dynamic growth, reduce flexibility, impact deliverables and the list goes on and on.
In contrast, a balanced approach to security can spark thought-provoking discussions on policy, compliance, compensating controls, defence in depth, accountability, usability, risk management, innovation, and conservation.
Common complaints about Security from the other side of the room, are that it can
Is Security becoming the elephant in the room that everyone is aware of but no one wants to discuss?
What do you think, constitutes "reasonable security"? Is it what the majority agrees on?