The evolving role of the IT security manager

Security has long been the poor cousin of IT. As any security professional knows, the way we have traditionally implemented security is tantamount to a technological afterthought. Through the years we have attempted to block holes, protect the periphery and lock down access rights for running systems, in the knowledge that IT …

COMMENTS

This topic is closed for new posts.

Who????

"...the way we have traditionally implemented security is tantamount to a technological afterthought..."

Ahhh! That will be Microsoft you are talking about then :-)

Anonymous Coward

Managed Security Services

...are the best solution for many situations, because even larger organizations cannot amass the expertise to detect data exfiltration (e.g. by spear phishing) in a timely manner.

Of course, IT departments have to carry part of the burden by patching in a timely manner, locking down PCs and migrating to modern versions (see IE6.0).

Network defense requires a lot of expertise and that is simply often non-existent in IT departments.

Anonymous Coward

Security as a business process

" ‘the business’ is in a far better position to decide the risks, than anyone in IT"

Perhaps that should say "the business should be in a better position..." - if the management actually understand the risks and can make an appropriate decision, then I would agree. However, from previous experience with many companies, most managers at all levels tend to seriously underestimate risks and the costs involved.

Far too many managers focus on their own areas of responsibility and have at best a limited knowledge of how incidents will affect the overall business - and there is all too often a culture that supports a policy of "it's someone else's problem".


Risks

" ‘the business’ is in a far better position to decide the risks, than anyone in IT"

Provided that they know about the IT issues and can relate that to business success. That is like saying "provided that they have ten meters of wingspan and good muscles, pigs can fly".

Most managers are ignorant idiots who could not care less about IT security. They will only do something as soon as the dirty emails to their mistress are being posted on the USENET. "I approved the purchase of Norton AntiVirux for the whole company, can't you see I am concerned about security? And now please leave me alone with my favourite toys powerpoint and excel. Also, I have to review the latest youpr0n.com clips. Carpe Diem!"


Thanks JLocke and AC

You're absolutely right on all counts of course. Let me say the vantage point of the business is a far better place than that of IT. Ultimately, business management is responsible for information security, not IT management - so there is a question about taking responsibility here. Perhaps the simple question is "who goes to jail?" - but while IT is constantly trying to second-guess the risks or patch holes caused by poor attitudes, nobody gains.
