Comment Failure of Security (Score 1) 172
The fault lies on many fronts for the failure of information security, and all of the other disciplines of security. In the past, the security profession had a limited scope. The industrial park security guard was the American stereotype for the profession. Since then, the security profession has become more specialized. The multiple disciplines like information, personnel, industrial, education and training, intelligence, and system security engineering are only a few examples of the specialization. With the specialization, more training and education are required to fill these more technical positions. So where does security start to fail? From my experience, I have seen all of the specialized security positions create single point failures. What this means is only one person can do this function, and when they are away TDY, on vacation, or home sick, the position becomes a single point failure because there is no reach back. With limited personnel due to doing more with less, and the one position one person mentality, the failure of security becomes apparent. This also impacts the ability of security managers to discipline the only person they have doing the job, because the risk of losing the employee and the time replacing them could outweigh the benefit of losing them. It also creates time impacts and inhibits security professionals' ability to conduct reviews of their contractors, and their own processes, to ensure compliance. This leads the contractors to complacency. It impacts the ability to allow security professionals to receive training on new culture changes and stay current with the latest policies and directives. The truth is management needs to step back and realize that doing more with less is really doing less with less and creates failure.