Forming enterprise security best practices from past mistakes
This article is part of the September 2004 issue of Information Security magazine
George Santayana's warning, "Those who cannot remember the past are condemned to repeat it," is constantly played out by infosecurity professionals, especially in the unfortunate repetitions of easily prevented security failures and wasteful overreactions to threats. Security practitioners who lack a firm foundation in the profession's history will continue to retard infosecurity's growth as a mature discipline. Measuring risk and generating enterprise security best practices are impossible without applying historical experience. Case in point: the general lack of skepticism about "hostile Web sites." This summer's warnings about vulnerabilities in Internet Explorer had a familiar ring to them, and for good reason: we've had multiple, similar warnings for more than a decade, ever since Java was mistakenly characterized as a significant danger to the Internet. Security pros with a grounding in history won't squander resources on such low-risk threats. They know HTTP is an insignificant source of malware compared to e-mail, file ...
Features in this issue
Despite heightened post-9/11 security awareness, the U.S. is exposed to numerous critical infrastructure threats.
Emerging Web app security services and products bring source code vulnerabilities to light, writes James C. Foster.
Offshoring is good for business, but lax security practices can torpedo your investment.
Columns in this issue
Would you tell your enterprise security secrets if you could hear others? Lawrence Walsh explains why he thinks communication in the security field is lacking.
Measuring risk and forming best practices relies on learning from past experiences. Analyst Jay Heiser explains how security tactics of the past echo in today's world.
Do you rush to deploy patches, hot fixes or service packs as soon as possible? Victor Garza explains why this may not necessarily be the right decision.
See why Watchfire's acquisition of Sanctum does not spell the end for Web app security.
The information security officer will soon go the way of the dodo bird.