Wednesday, 30 October 2013

With security, prayer is not the answer


October 29, 2013









Are you a mathematician or a priest?


What I mean: I'm always amazed by the lack of real data brought to bear in computer security and how people push agendas that have little basis in fact. It can leave an old computer security pro like me disillusioned.


[ InfoWorld presents the Bossies 2013, the best open source software for security, data centers, clouds, and more. | Keep up with key security issues with InfoWorld's Security Central newsletter. ]


We're told that buying the latest and greatest security product will be the answer to all our prayers. We buy it and implement it -- yet it doesn't stop the bad guys from breaking in.


If you want to become a better computer security practitioner, use your own data to make better decisions. It's there for the taking.


I'm surprised at how many companies don't understand how they've been compromised. You can talk to almost any company's computer security employees and ask, "What is the No. 1 way your company is most exploited?" but rarely will you get the right answer. The CIO or CSO won't know. And if the very people in charge of your defense don't understand how to rank threats by risk level, how can they fight them effectively?


Instead, you usually have one or more influential employees (and their preferred vendors) pushing solutions that sound great, but rarely address big problems head-on. When I confront computer security employees with what's really wrong and how to fight it better, I'm often surprised how many leave the meeting hearing something else.




Source: http://www.infoworld.com/d/security/security-prayer-not-the-answer-229683?source=rss_infoworld_blogs
Similar Articles: World Series 2013   steelers   Marquez vs Bradley   Monika Jakisic   kobe bryant  

No comments:

Post a Comment