
Hacker News Network




Security Is A Journey


By: Brent Huston

Many information technology (IT) people today have become more aware of the problems associated with securing the systems they have designed, implemented and managed. Indeed, security has become the number two hot topic in the computer arena, falling only behind the impending Y2K crisis in priority and budgeting. Yet while security professionals see this as an awakening, many of us are afraid that IT staff members may still have an incomplete view of the big picture.

In today's information security marketplace there are hundreds of vendors, products, ideas, technologies and consultants. Each has its own spin on the way security should be handled by an organization. With so many "standards", proposals and RFPs, how could anyone possibly consider all this information and reach the "best" solution? The answer is that it cannot be done. The prudent IT manager has her staff perform some research, gathers the data, mines it for summaries and prepares the plan for action based on that level of detail. While many vendors refer to this as "management by magazine", for many it is the only possible decision process, given the sheer volume of information to be managed.

The largest danger in this type of management process is that it often leads to the development of the "infosec magic bullet" theory. This occurs when a manager becomes so excited and convinced by the hype generated around a specific product or technology that they begin to see that option as a total security solution. This type of excitement and product belief was best exemplified by the early days of the firewall market. During the height of the firewall rush, it was common to hear an IT manager say, "We are secure. We have a firewall." Even today, this pipe dream still echoes in many boardrooms and meetings. Today's technologies, and all the hype associated with them, could be rebuilding this idea of a "magic bullet" that secures the entire enterprise just by being present on the network. Intrusion detection technologies and virtual private networks seem to be the products driving the hype engines today, bringing with them the resulting blind belief in a single solution.

IT managers need to realize that while technology is a great aspect of security, it is only the point solution. Technology is deployed to protect information, act as a perimeter sentry and provide insight into threats faced by your organization. That technology requires a further level of policy, however, to be effective. Without an underlying information security policy to build a baseline for the deployment of the technology and the creation of a ruleset for the systems and the people involved to follow, all the security products in the enterprise are weakened. In addition, as a base for that policy and ruleset, awareness must be created within the organization to educate people about what is deemed acceptable behavior and how to respond to events that threaten the intellectual capital of the company.

While "management by magazine" is here to stay, and will only be growing in presence, it is our duty as security professionals to help combat the "magic bullet" theory with a policy of full and factual disclosure. We also need to realize the position of IT managers and staff and assist them as best we can to make educated and effective decisions. While this may extend the sales cycle a small bit, it does help progress the entire industry to the next level. And remember, security is a journey, not a destination...
