I saw this driver on the road this morning. I took this picture with my iPhone. As you can see the driver ran off the road dead-on to a pole. If you click on the image you can see that the driver is okay and standing in front of the car texting on his mobile phone.
I couldn't help but assume that he was driving while texing (DWT) and ran off the road. Whatever the driver was doing he wasn't paying attention behind the wheel. There is a security lesson in this for sure. The driver obviously had a destination or goal to reach when they started their commute.
Many security operations have goals and policies to achieve those goals. Policy is definitely different in each organization because each place has different assets. With so many challenges and silver-bullet solutions it is easy to lose sight of the goal. What exactly are we trying to protect again?
Another problem is that some organizations don't have policies, standards, and procedures documented. Without any standards in place organizations can never acheive any measurable level of of success. Some organization have security just to have security with no big picture.
There are many ways the Security Policy Life Cycle has been articulated, but to make a long story short:
1) Find out what assets you are protecting.
2) Establish security policy/goals/standards to protect the assets.
3) Establish procedures and guidelines to meet Step 2.
4) Implement (Don't take your eyes off the road)
5) Measure success (Audit).
6) Articulate findings (Are you protecting assets?).
7) Rinse and Repeat, Back to Step 1.