Access "Service-focused security offers best value to organization"
This article is part of the May 2009 issue of How automated compliance solutions can help you plan for your next audit
The tactics and personalities assumed by security teams have bred some rather novel approaches for implementing and promoting security practices within organizations. We've likely all seen the iron-fisted security group, which prefers the stick over the carrot, and tries to garner support and compliance through the spread of fear and uncertainty. Having seen an information security manager brute force C-level executive passwords and post them for all to see, I long ago concluded this approach doesn't work. Too often, security professionals damage relationships with key stakeholders through such aggressive tactics. Other security teams attempt to raise awareness for their practice through the more benevolent approach of security metrics. But implementing metrics that demonstrate the monetary value of a security practice to the C-suite is a conundrum. Realistic security metrics related to monetary value simply don't exist and never will except in a very few unique, isolated scenarios. While their approaches are radically different, the iron-fisted and the ... Access >>>
Premium Content for Free.
Changing times for identity management
Identity management technology is adapting to meet enterprise needs. Learn what products can improve security and ease compliance.
Do you need an IDS or IPS, or both?
by Joel Snyder, Contributor
Cut through the hype and learn the differences and benefits of intrusion detection and prevention systems.
- Changing times for identity management
Cybersecurity Act of 2009: Power grab, or necessary step?
The Cybersecurity Act of 2009, also known as S.773, would give the president unprecedented authority over federal and private networks. Experts debate whether it's a power grab, or a signal of the seriousness of threats to critical infrastructure.
Ease the compliance burden with automation
Manual compliance processes are error-prone and drain corporate IT resources. Automated tools make a difference if you apply them to a well-organized compliance program.
- Cybersecurity Act of 2009: Power grab, or necessary step?
Service-focused security offers best value to organization
A service-oriented approach is the best way to demonstrate security's value and win support for security initiatives.
The Pipe Dream of No More Free Bugs
Security researchers have declared they want vendors to compensate them for their independent search for vulnerabilities.
Bruce Schneier and Marcus Ranum Face-Off: Should We Have an Expectation of Online Privacy?
by Marcus J. Ranum, Contributor
Security experts Bruce Schneier and Marcus Ranum debate whether users should have an expectation of online privacy.
- Service-focused security offers best value to organization
More Premium Content Accessible For Free
The variety and sheer number of network endpoints, users and devices in the enterprise today is driving IT's demands for enhanced security features ...
Enterprises leverage open source software for the perceived quality of the code, but the Heartbleed flaw has made many question their use of ...
The network of today's enterprise is larger and more diverse than ever, which means there's more for hackers to attack. So as enterprises update ...