Viewpoint: Don't blame generation gaps for poor home security - Information Security Magazine

Don't Blame the Old Folks
I read most articles written by Bruce Schneier and Marcus Ranum; in general, they hit the mark and have a good understanding of security and the society in which we live. In this article (Face-Off, September 2007), I would disagree with their arguments. I think security is too complex today -- and the trend continues -- to point the finger at ISPs or old folks.

Yes, ISPs have a major role in this chain of services and security. Yes, the old folks will die, but will the bad habits die with them? I highly doubt it.

I think there should be a concerted approach to security. Home users need more secure computers out of the box, reliable and safe connectivity and networks, but also more and better knowledge regarding their personal risks related to the activities they're undertaking on their computers and on the Internet. In other words, give them options.

Let's remember that having better police, legal system or prisons hasn't stopped organized crime from doing what they do.

Catalin Bobe, President, SecureBase Consulting


Starts at the Top
The issues (identity management and data leakage) as well as the rules and regulations (Sarbanes-Oxley, PCI, data breach laws and privacy laws such as the Gramm-Leach-Bliley Act and state data breach notification laws) cited in the article ("IT pros impede PCI, Sarbanes-Oxley compliance," SearchSecurity.com, August) are business issues rather than simply IT or compliance issues. As such, they should be dealt with through corporate governance.

If there is actually discord regarding which legislation or regulations have a greater weight, then management must provide direction.

Corporate governance (e.g., COSO) and/or IT and security governance frameworks (e.g., ISO 17799/27001, Cobit, NIST) seem to be in sync here. If the groups noted in the summary aren't receiving meaningful direction on enterprise risk, it seems natural to divide along "party lines."

Without clear direction from the top, lower levels of management are forced to try and make assignments that are out of their pay grade. The desire to do a good job (and not get blamed for failures) leads to turf wars, with each group focused on risk as they understand it given their limited view of corporate level governance.

Turf wars serve only to increase risk to the corporation, management, employees, clients and investors.

Another possibility is that the study, the summary or both are flawed.

Karl Wabst, Independent Technology Governance Consultant



Contact Us
Send your comments to feedback@infosecuritymag.com.
We reserve the right to edit letters for clarity and space.

 

This was first published in November 2007