ABSTRACT
Security is often viewed as an “after-the-fact” service that
sets policy to protect physical and logical assets of the
company. In the event that a policy is violated, the security
organization is charged with making a record of the violation
and correcting the circumstances that permitted the violation
to occur. Unfortunately, the computer security department
(CSD) is usually viewed in the same light and both are
considered cost-based services. To change that school of
thought, security must become a value-added business
partner, providing guidance before and after incidents occur.
SECURITY CONTINUUM
