By Alex HuttonRecently, I’ve heard some bits and pieces about how Information
Security (InfoSec) can be “threat-centric” or “vulnerability-centric”.
This stuck me funny for a number of reasons, mainly it showed a basic
bias towards what InfoSec *is*. And to me, InfoSec is too complex to be
described as “threat-centric” or “vulnerability-centric” and yet still
simple enough to be described at a high level in a few paragraphs in a
blog post. So I thought I’d write a “primer” post on what InfoSec is to
create a reference point.