Security practitioners should demand security intelligence sharing
This article is part of the September 2004 issue of Information Security magazine
Here's a paradox we constantly deal with: Security is dependent upon communication, yet few are willing to talk about it. Security practitioners are among the tightest-lipped corporate beings in the world. Sure, put a bunch of propeller heads in a room together and they'll bad-mouth every Windows vulnerability they've ever come across. But don't expect specific, meaningful details about their companies' security programs. There are good reasons for shutting up. If you spill the beans about last week's security incident, you run the risk of diminishing shareholder and customer confidence--and getting fired. If you talk about your security architecture and strategy, you may reveal vital information to miscreants and hackers. And, if you boast about your security, you paint a big bull's-eye on your enterprise. Yet, when Information Security examined the state of critical infrastructure security (see "Mission: Critical"), we found that the key to protecting digital assets, and, ultimately, national security, is the open and ...
Features in this issue
Despite heightened post-9/11 security awareness, the U.S. is exposed to numerous critical infrastructure threats.
Emerging Web app security services and products bring source code vulnerabilities to light, writes James C. Foster.
Offshoring is good for business, but lax security practices can torpedo your investment.
Columns in this issue
Would you tell your enterprise security secrets if you could hear others? Lawrence Walsh explains why he thinks communication in the security field is lacking.
Measuring risk and forming best practices rely on learning from past experiences. Analyst Jay Heiser explains how security tactics in the past echo in today's world.
Do you rush to deploy patches, hot fixes or service packs as soon as possible? Victor Garza explains why this may not necessarily be the right decision.
See why Watchfire's acquisition of Sanctum does not spell the end for web app security.
The information security officer will soon go the way of the dodo bird.