back to article Reconceptualising IT security

Traditional approaches to information security are incapable of dealing with today's threats. Just as the attackers have evolved, so the security industry needs to adopt new architectural models and techniques to deliver appropriate protection without imposing unnecessary costs. In a nutshell this is the thesis of our latest …

COMMENTS

This topic is closed for new posts.

Security is easy...

... just don't give any access to users!


solution

a. Use single sign-on authenticated on a hardware device

b. Only allow authenticated and end-to-end encrypted communication.

c. Run your software from a read-only device

d. Don't download and run software over the Internet.


I would add

e. Physically separate (no copper, no fiber, no wireless, no exception) your critical assets from the Internet

f. Give preference to spending on hiring competent people instead of buying the latest bells and whistles technology that vendors might shove at you

g. Stop outsourcing human thinking to software. Computers are supposed to work for us not to think for us.


Interesting, but...

I don't necessarily agree with the idea of off-loading everything to the could. Besides, wasn't relying on the could part of HB Gary's downfall? (Among a myriad other things, yes, I know)

http://www.csoonline.com/article/677792/hbgary-s-hoglund-anonymous-not-at-all-what-people-think-they-are-


off-loading everything to the could.

Because they cloud?


Not just C I A?

I like the whitepaper's take on breaking down the aspects of security into more practical bites. I wouldn't recommend sharing this paper with our clients; this is a very security-professional audience focus. I would recommend keeping things simple; there is a benefit to maintaining Confidentiality, Integrity, and Availability as a selling tool to interested parties when talking about security practices.

kamransecurity.blogspot.com


Meh

"...Just as the attackers have evolved, so the security industry needs to adopt new architectural models and techniques to deliver appropriate protection without imposing unnecessary costs. ...."

I don't think we need a NEW architectural model - with today's frameworks it is possible to construct an architectural model for an enterprise that does take into account the realities of data replication.

What we do need is more diligent application of architectural approaches.
