CHICKENS COMING
HOME TO ROOST - 2011 EDITION
My views on information security
has not been something I have been quiet about in the past, but I was
.. intrigued .. yes thats the right word by a few articles I read
recently. Let me share some of it:
The
report adds: "The definition of a successful defense has to change from
'keeping attacks out' to 'sometimes attackers are going to get in;
detect them as early as possible and minimize the damage.' Assume your
organization might already be compromised and go from there."
Address :
<http://www.networkworld.com/news/2011/080811-apt.html>
Why? It’s simple - most of the
security professionals are tired of being hamstrung by C-level
executives and frustrated that their employers are content to be only
as secure as the auditor says they have to be. Who in the industry
hasn’t heard senior management go so far as to say they’d be willing to
take the “hits” from fines than pour dollars into compliance mandates
whose utility is questionable? The mindlessness of using regulatory
compliance as a information security ceiling hurts both the ego
and sense of professional responsibility of practitioners. One might
even go so far as to posit that some could choose to go the Anonymous
route as a way to take matters into their own hands.
Address :
<https://threatpost.com/en_us/blogs/opinion-are-anonymous-members-forged-crucible-it-compliance-080611>
Indeed the whole "Shady Rat" fiasco
reeks of companies relying on under-qualified, incompetent and
uneducated security professionals, policies, oversight and management.
There is no "but..." - it is what it is: "under-qualified, incompetent,
uneducated" *people* - not technology - that are to blame. However, as
Sophocles once said "What people believe prevails over the truth."
Address :
<https://www.infosecisland.com/blogview/15658-That-Shady-Rat-Was-Only-a-Security-Peer.html>
For so long, information security
in business has been more about ass-kissing then doing the right
things, that now we define success as - 'we will fail, but thats ok
becuase now we will try to fix it quickly'. Great, although I am glad
that the car industry is not allowed to work the same way. And then we
wonder why corporate IS staff get frustrated? we wonder why incompetent
people are allowed to carry on and even get promoted. I understand
there are many and varied reasons and multiple justifications for this
state of affairs, but the simple fact of the matter is that we live in
the world we have created, what we have now is what we have allowed.
The fact that success now is defined as failure with quick recovery is
what we have allowed.
There is not too much else to say,
except that I hope we enjoy watching the poultry coming home because it
is not stopping any time soon.