Thursday, November 1, 2007

Pete Lindstrom and Linda Stutsman about "best practices"

This post from Mr. Lindstrom is very interesting, mainly because I totally agree with him that "there is no such thing as best practices, but I also believe there really should be such a thing". It's very hard to work in a field where you can't show that you performed well. Particularly for me, it's even worse to see very bad professionals claiming that they are selling/deploying "best practices".

I also like it when Mrs. Stutsman said that "There may be a best practice within an industry but it's tough to go across industries". PCI-DSS is a very good example of that.

Putting this together with a recent comment from Anton Aylward that I mentioned here, I'm starting to believe that we need to build some kind of "basic best practices". We already know pretty much how to deal with the basic aspects of Information Security, so let's put aside those things that will always change from business to business and build something that every company can use as a way to ensure that its security doesn't suck, at least.

Using Anton's words again, "Let's worry about the baseline before we try to address the esoteric".

