Jan 03, 2017
Why the bad blood between InfoSec and Remediation teams? The reality is, they need each other. They just don't always work alongside each other, or use the same metrics, or see things the same way, or...well, let's just say there's a lot of baggage there.
Within many organizations, security teams and remediation teams are in need of a good marriage counselor. Conflictridden, confrontational, distrustful, and a host of other words may be used to describe these relationships, while phrases like harmonious, collaborative, and productive don't often apply.
The crux of the matter is this: Security teams are responsible for identifying the risks, vulnerabilities, and threats confronting the business, but they most often won't be responsible for actually addressing those issues. Security teams are reliant upon remediation teams--the individuals who typically don't have security in their titles, but are essential players in security nevertheless.