Access your Pro+ Content below.
The lack of computer security: We’re all responsible
This article is part of the Information Security magazine issue of November 2011
As we all know, non-stop reports of data breaches, data losses and hacking claims have put the spotlight on the state of information security. The constant negative attention on security is causing my mom, friends and neighbors to constantly ask, “What is wrong with security?! Why can’t these companies get it right?!” My answers are numerous and complicated; they are black, white, and gray. I ask myself, my peers, clients, vendors and security friends the same question and their answers are numerous, complicated and subjective, to say the least. The reality is each and every one of us is responsible for what’s wrong with security. Each participant in security must step up and improve the effectiveness of his or her involvement. Here’s what I hear as some of the most common explanations for the lack of computer security, along with suggestions for improvement: Security manager “I do not have time to deal with the audits, the scan results, the IDS events, the firewall policy changes, the security policy, etc. across the ...
Access this PRO+ Content for Free!
Features in this issue
PCI Security Standards Council plans to release a list of certified components in April.
An effective risk assessment process is essential, but many factors can skew the process and get in the way of security.
ISM November 2011 cover story: Eric Ogren on how virtual desktop infrastructure enhances compliance, data protection and malware protection.
Cybercriminals are zeroing in on small and midsize businesses with fewer security resources.
Columns in this issue
Security expert and Information Security magazine columnist Marcus Ranum talks to Richard Bejtlich, CSO and vice president, Mandiant Computer Incident Response Team (MCIRT) at security firm Mandiant.
We all have an explanation for weak security, but everyone needs to do their part to improve it.
China is being accused of hacking corporate, government and military networks in the U.S. for economic gain. Policy makers need to be versed in cybersecurity and figure out how to respond.