More prescriptive regulation of the security posture in industry sectors like banking could have the paradoxical impact of reducing security, according to Andrew Dell, head of IT security services at the National Australia Bank. “We have to become much more agile and proactive – how we look at, how we react to cybercrime. Our …
For once, some sense
Decent anaylisis. Big organisations are run on rulez. We have rulez, therefore there is no problem. A symptom of the reductionist fallacy at work, pun intended. The example of kit but no staff is so common when bean counters apply their limited world view to managing the largely unmanageable. In short the root cause is not technology, but managers not employing a full risk assessment, which includes all resources including enough expensive troublesome things called trained, skilled staff. Then governments might be sanely pursuaded that more rulez are not required. An example of a proactive approach was Lockheed 2 or so years ago. Known incoming, so honeypot was set up and waiting.
Some sense, yes...
In that a one-size fits all, tick-box compliance exercise does not mean that the risks have been managed or even identified. But some (most?) organisations possess neither the capability nor the will to fund a fully reactive, risk-based information security function. So until such time as the new EU breach/attack-sharing bears fruit and senior management actually see what is happening, it's policies, standards and checklists all round.
- Xmas Round-up Ten top tech toys to interface with a techie’s Christmas stocking
- Google embiggens its fat vid pipe Chromecast with TEN new supported apps
- Microsoft: Don't listen to 4chan ... especially the bit about bricking Xbox Ones
- Shivering boffins nail Earth's coldest spot
- Thought your Android phone was locked? THINK AGAIN