Information Security Magazine
Viewpoint
Issue: Nov 2007

Don't Blame the Old Folks
I read most articles written by Bruce Schneier and Marcus Ranum; in general, they hit the mark and have a good understanding of security and the society in which we live. In this article (Face-Off, September 2007), I would disagree with their arguments. I think security is too complex today--and the trend continues--to point the finger at ISPs or old folks.

Yes, ISPs have a major role in this chain of services and security. Yes, the old folks will die, but will the bad habits die with them? I highly doubt it.

I think there should be a concerted approach to security. Home users need more secure computers out of the box, reliable and safe connectivity and networks, but also more and better knowledge regarding their personal risks related to the activities they're undertaking on their computers and on the Internet. In other words, give them options.

Let's remember that having better police, legal systems or prisons hasn't stopped organized crime from doing what it does.

Catalin Bobe, President, SecureBase Consulting


Starts at the Top
The issues (identity management and data leakage) as well as the rules and regulations (Sarbanes-Oxley, PCI, data breach laws and privacy laws such as the Gramm-Leach-Bliley Act and state data breach notification laws) cited in the article ("IT pros impede PCI, Sarbanes-Oxley compliance," SearchSecurity.com, August) are business issues rather than simply IT or compliance issues. As such, they should be dealt with through corporate governance.

If there is actually discord regarding which legislation or regulations have a greater weight, then management must provide direction.

Corporate governance (e.g., COSO) and/or IT and security governance frameworks (e.g., ISO 17799/27001, Cobit, NIST) seem to be in sync here. If the groups noted in the summary aren't receiving meaningful direction on enterprise risk, it seems natural to divide along "party lines."

Without clear direction from the top, lower levels of management are forced to try to make assignments that are out of their pay grade. The desire to do a good job (and not get blamed for failures) leads to turf wars, with each group focused on risk as they understand it given their limited view of corporate-level governance.

Turf wars serve only to increase risk to the corporation, management, employees, clients and investors.

Another possibility is that the study, the summary or both are flawed.

Karl Wabst, Independent Technology Governance Consultant



Contact Us
Send your comments to feedback@infosecuritymag.com.
We reserve the right to edit letters for clarity and space.

All Rights Reserved, Copyright 2003 - 2008, TechTarget