back to article Reconceptualising IT security

Traditional approaches to information security are incapable of dealing with today's threats. Just as the attackers have evolved, so the security industry needs to adopt new architectural models and techniques to deliver appropriate protection without imposing unnecessary costs. In a nutshell this is the thesis of our latest …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Security is easy...

    ... just don't give any access to users!

  2. doperative

    solution

    a. Use single sign on authenticated on a hardware device

    b. Only allow authenticated and encrypted end-to-end encrypted communication.

    c. Run your software from a read-only device

    d. Don't download and run software over the Internet.

    1. Anonymous Coward

      I would add

      e. Physically separate (no copper, no fiber, no wireless, no exception) your critical assets from the Internet

      f. Give preference to spending on hiring competent people instead of buying the latest bells and whistles technology that vendors might shove at you

      g. Stop outsourcing human thinking to software. Computers are supposed to work for us not to think for us.

  3. Carol Orlowski

    Interesting, but...

    I don't necessarily agree with the idea of off-loading everything to the could. Besides, wasn't relying on the could part of HB Gary's downfall? (Among a myriad other things, yes, I know)

    http://www.csoonline.com/article/677792/hbgary-s-hoglund-anonymous-not-at-all-what-people-think-they-are-

    1. Ole Juul

      off-loading everything to the could.

      Because they cloud?

  4. kamransecurity

    Not just C I A?

    I like the whitepaper's take on breaking down the aspects of security into more practical bites. I wouldn't recommend sharing this paper with our clients; this is a very security professional audience focus. I would recommend keeping things simple; there is a benefit to maintaining Confidentiality, Integrity, and Availability as a selling tool to interested parties when talking about security practices.

    kamransecurity.blogspot.com

  5. DiggerDave

    Meh

    "...Just as the attackers have evolved, so the security industry needs to adopt new architectural models and techniques to deliver appropriate protection without imposing unnecessary costs. ...."

    I don't think we need a NEW architectural model - with today's frameworks it is possible to construct an architectural model for an enterprise that does take into account the realities of data replication.

    What we do need is more diligent application of architectural approaches.
