A Situational Approach to Integrity

Abstract

Orthodoxy can be both beneficial and destructive. Without a certain amount of orthodoxy in defining security practices and terminology, for example, it would be impossible to develop useful standards. However, orthodoxy should never be an end in itself. Security professionals should be judged according to the effectiveness of their recommendations and actions, not by the number of individuals that quote from their catechism. And yet despite the valuable efforts of a number of professional associations and practitioners to develop a common body of knowledge for information security, I believe that we are inexorably moving toward a world in which circumstances are almost as important as standards and definitions. Such an existential approach to security does not imply an intellectual free-for-all; it means being pragmatic, responsive to individual situations, but in a disciplined and internally consistent manner.