More prescriptive regulation of the security posture in industry sectors like banking could have the paradoxical impact of reducing security, according to Andrew Dell, head of IT security services at the National Australia Bank. “We have to become much more agile and proactive – how we look at, how we react to cybercrime. Our …
For once, some sense
Decent anaylisis. Big organisations are run on rulez. We have rulez, therefore there is no problem. A symptom of the reductionist fallacy at work, pun intended. The example of kit but no staff is so common when bean counters apply their limited world view to managing the largely unmanageable. In short the root cause is not technology, but managers not employing a full risk assessment, which includes all resources including enough expensive troublesome things called trained, skilled staff. Then governments might be sanely pursuaded that more rulez are not required. An example of a proactive approach was Lockheed 2 or so years ago. Known incoming, so honeypot was set up and waiting.
Some sense, yes...
In that a one-size fits all, tick-box compliance exercise does not mean that the risks have been managed or even identified. But some (most?) organisations possess neither the capability nor the will to fund a fully reactive, risk-based information security function. So until such time as the new EU breach/attack-sharing bears fruit and senior management actually see what is happening, it's policies, standards and checklists all round.
- Review This is why we CAN have nice things: Samsung Galaxy Alpha
- Ex-Soviet engines fingered after Antares ROCKET launch BLAST
- Hate the BlackBerry Z10 and Passport? How about this dusty old flashback instead?
- NASA: Spacecraft crash site FOUND ON MOON RIM
- NATO declares WAR on Google Glass, mounts attack alongside MPAA