Access "Layer 8: When security is a losing battle"
This article is part of the July 2005 issue of Why business managers are a breed of security professional
If your enterprise doesn't care about security, there isn't much you can do. I've stopped sugarcoating one particular piece of bad news: If your organization doesn't take security seriously, there's probably nothing you can do about it. But how can you tell if your expectations are too high, or if your employer is a front-page news story waiting to happen? Enterprises that have the potential to be serious about security first need to be serious about risk management. Security practitioners have an easy time when the organization has a specific risk management framework, which includes consistent assessment methods, a shared vocabulary and an ongoing risk-reporting system. These elements engender a risk culture that has enough momentum to maintain consistency in spite of personnel changes. It's an environment in which security managers can flourish. If your company doesn't have such a culture, you ain't gonna talk the board of directors into creating one. It's that simple. Excellence rolls downhill—it's not something that can be created at the grassroots ... Access >>>
Premium Content for Free.
Linux's Best Friend
Thanks to YUM, Linux updates are as reliable as Old Yeller.
Corrent's SR110 SSL VPN Web Security Gateway
by Mike Chapple, Enterprise Compliance
Read about Corrent's SR110 SSL VPN Web Security Gateway with Check Point Connectra 2.0.
Intrusion Detection: Tripwire's Enterprise 5.0
by Scott Sidel, Contributor
June 2005 review of Tripwire's Enterprise 5.0
The Business Case for Network Security: Advocacy, Governance and ROI
Read a review of the book: The Business Case for Network Security: Advocacy, Governance and ROI.
Finding a comprehensive identity and access management architecture requires leadership to navigate the technology and implementation labyrinth.
To gain buy-in and support for your security policies, it's best to start at the top.
- Linux's Best Friend
Hot Pick: NetContinuum's NC-1000 Application Security Gateway 4.3
NetContinuum's NC-1000 Application Security Gateway v4.3
nCircle's IP360 Vulnerability Management System product review
Product review of nCircle's IP360 Vulnerability Management System pricing, setup, configuration, assessment, and installation feature information.
Recent Releases: Security product briefs, July 2005
Read about the security products released in July 2005.
Meet the New Champions
CIGNA makes business managers responsible for security.
Seven ways to leverage your infrastructure against spyware.
- Hot Pick: NetContinuum's NC-1000 Application Security Gateway 4.3
Layer 8: When security is a losing battle
Publisher's Note: Security goals
How important is malware defense in the minds of security professionals? You may be surprised by our 2005 Security Priorities survey.
Ping: Karen Worstell
Perspectives: Lessons learned in BS 7799 certification
Bank of Montreal shares seven lessons learned as it achieved BS 7799 certification.
- Layer 8: When security is a losing battle
More Premium Content Accessible For Free
Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...
The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...