I'd say there is far more to security than just hacking and programming. Just as software development is more than programming, information security is more than SQL injection or whatever the new hot topic is. An advanced security practitioner will understand requirements, testing, penetration, and security documentation.
To state that security is only about the nitty-gritty is to miss what security is all about. Security is about protecting information to the level a customer or regulatory agency requires. It will involve risk assessments as well as vulnerability assessments. It will involve addressing the potential consequence of loss of the confidentiality, integrity, and availability of data.
To state that security is only about the nitty-gritty is to miss what security is all about. Security is about protecting information to the level a customer or regulatory agency requires. It will involve risk assessments as well as vulnerability assessments. It will involve addressing the potential consequence of loss of the confidentiality, integrity, and availability of data.
Articles like this do a disservice.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/infocus/1861/534#534