"Inveniam viam aut faciam" : I will either find a way, or I shall make one

Adeptus-Mechanicus - BlogMe


Controls and Threats

If the last 2 years have taught me anything, it is that controls around IT security are needed. That was a new thing. I mean, I always knew that they were needed, but it was always an afterthought. Now those of you who know must not start reaching for the pitchforks and kindling; I am still a great believer in dealing with threats and what is actually happening. I just never knew how to combine the two. Well, I was listening to an older interview with Richard Bejtlich (http://taosecurity.blogspot.com/), who I ALWAYS enjoy (great stuff, go sign up for his RSS and Twitter and everything else… go on, I’ll wait).

A comment was made that IT security people are always ‘firefighters’, and he said “Great, every company needs firefighters. There was never a town that did not need firefighters. They are always the heroes, go to the fire, save the kids and pets, put it out. But the next stage of maturity is not to replace them but to supplement them with Fire Marshals.”

Those are the chaps who go around and make sure buildings are up to code and that garages do not leak fuel, stuff like that. You see, the Fire Marshals are ‘controls’ and the Firefighters are the ‘threat-based’. The two are not exclusive but work together to create a much safer environment; I mean, even if you had firefighters, you do not want to be rescued on a monthly basis.

I really thought this was a good way of explaining it, and it is succinct enough to use as a quick “elevator-pitch” for management. Catchy and meaningful.

Published by erich, on January 14th, 2011 at 2:19 am. Filed under: General
