Ted Demopoulos’
securITy
December 2007
___________________________________________________________
The free newsletter of Demopoulos Associates, www.demop.com
Please forward this newsletter to anyone you know who might enjoy it!
The Three Biggest Challenges With Cyber Security Today
Richard Hammer is the first graduate of the SANS Technology Institute,
a postgraduate Information Security College that grants
Masters of Science degrees in Information Security. He has worked at Los
Alamos National Laboratory for over 20 years and teaches at the College of
Santa Fe. The following is based on a series of emails and phone calls I had
with Richard recently.
1) Reactive, Not Proactive, Actions
Companies and government agencies are not proactive in implementing cyber
security best practices. Solutions do not get implemented until data is lost
or compromised AND public pressure or government regulations force
implementation.
Full disk encryption is a very good example. It has been well known for some
time that data at rest can only be protected with physical security or
encryption, and yet we still read about companies and government agencies
losing unencrypted laptops.
2) The Compliance Mentality
The compliance mentality is another big issue in cyber security. Good
security practices lead to good compliance -- NOT the other way around.
Filling out check boxes and compliance reports does not protect data.
Going back to the hard drive encryption example, why hire someone to
determine how many systems do not have encryption installed and produce a
report, when allotting resources to encrypt all the laptops is simple and
cost effective, and then the report is easy?
3) High-level Decision Makers often not Technically Sound
The people making the high-level cyber security decisions are often not
technically sound.
The “wait until something bad happens” mentality compounds this problem, and
then being forced to implement something to “stop the bleeding quickly”
makes it worse.
The combination of a lack of skills and the need to implement quick fixes is
not good for overall security, but will allow checking off some box that
“We Responded.”
Thanks Richard!
________________________________________________
This newsletter is Copyright © 2007 by Demopoulos
Associates, Durham, New Hampshire, USA. All rights are reserved,
except that it may be freely redistributed if unmodified.
Sharing securITy is encouraged if the copyright and attribution are
included.