Security Pros Bemoan the Need for Focus 62
Ant writes "Computerworld has an article about more proactive initiatives falling by the wayside. Operational and tactical considerations continue to dominate the IT security agenda, despite a growing need for more strategic approaches to data protection."
More of a strategic planning process.... (Score:5, Informative)
In just the first two paragraphs alone I was able to fill up my BULLSH*T BINGO card [perkigoth.com]. Let's see if I can write a useless statements containing lots of buzzwords. What's really needed is a short term strategy with long term synergestic goals that transcend all layers of the organization and implement proactive world-class security. Yep, I still got it.
Just think, if executives had more of a strageic planning process for the business in general, then US companies might be healthier and stronger, instead of sacrificing the future for short-term profits.
I guess it is just a slooooow news day.
Re:computers as appliances? (Score:1, Informative)
In a sense, you should. The Internet is just a means of routing packets. Clearly, it can't provide security between you and some other system.
That other system might be benign, or it might have every intention of attacking you if you give it the slightest chance. So, who's responsible for making you safe when you connect? You are, inevitably.
It would help a lot if you were able to choose a system which is secure by default and ideally there would be an international certification for rating its effectiveness. Then, as a consumer, you could just go out and buy the product appropriate to your needs, as if it were an appliance.
Bear in mind that an ordinary appliance only has a very small number of controls on it. It's therefore both good and bad to think of making a computer system appear more like an appliance. With a vastly reduced configuration space, such systems would be easier to test and certify, but in that form they would likewise have a relatively limited range of functions.
Re:Is this the right use of the word 'bemoan'? (Score:3, Informative)
As security professional, the fact of the matter is that more often than not the company doesn't let me do my job. Cost isn't even the main issue - understanding is.
If you think about moving into the security area, realize one thing: Half of your time will be spent convincing management that the other half is really necessary, and two thirds of that other half are dealing with either decade old issues (no encryption, weak passwords, not updated machines) or user stupidity (sharing passwords, disabling security features, not following procedure).
The sixth or so that's left is pretty thrilling, though.