Using War Games To Make Organizations More Secure 49
wiredmikey writes "Along with budget constraints and disconnect between IT and executive management surrounding information security, results of a recent survey show that a major problem is outright lack of understanding of threats. We all know the best way to get that budget increased, is to get hacked. Unfortunately, that could also result in you losing your job. Some companies, however, are taking creative approaches to both raise awareness and identify potential vulnerabilities. A manager with a large financial services group, for example, says that his company addresses security vulnerabilities by staging a series of what it calls 'war games,' in which a user or group of users is tasked with trying to compromise a system, while another user or group of users is tasked with preventing the break-in. Management needs to understand the security threat and its impact to business, and these 'war games' are an innovative and creative way for IT departments to convince executive management on security needs."
The ones you never see coming (Score:5, Insightful)
One thing to be aware of with war games is a knowledge of what they are designed to achieve. Not all of them are there to spot weakenesses, a lot could be there merely to provide assurance or arse-covering. In those cases, "winning" by succeeding in breaking in could be the worst outcome - either personally for the winner, or the people who were supposed to stop them. Often blame and punishment is a much cheaper solution than a fix.
this is new, HOW? (Score:5, Insightful)