Ted Demopoulos    Demopoulos Associates

Ted Demopoulos’ securITy
___________________________________________________________

The free newsletter of Demopoulos Associates, www.demop.com

Please forward this newsletter to anyone you know who might enjoy it!

The Three Biggest Challenges With Cyber Security Today

Richard Hammer is the first graduate of the SANS Technology Institute, a postgraduate Information Security College that grants Masters of Science degrees in Information Security. He has worked at Los Alamos National Laboratory for over 20 years and teaches at the College of Santa Fe. The following is based on a series of emails and phone calls I had with Richard recently.

1) Reactive, Not Proactive, Actions

Companies and government agencies are not proactive in implementing cyber security best practices. Solutions do not get implemented until data is lost or compromised AND public pressure or government regulations force implementation.

Full disk encryption is a very good example. It has been well known for some time that data at rest can only be protected with physical security or encryption, and yet we still read about companies and government agencies losing unencrypted laptops.

2) The Compliance Mentality

The compliance mentality is another big issue in cyber security. Good security practices lead to good compliance -- NOT the other way around.

Filling out check boxes and compliance reports does not protect data.

Going back to the hard drive encryption example: why hire someone to determine how many systems do not have encryption installed and produce a report, when allotting resources to encrypt all the laptops is simple and cost-effective, and the report is then easy?

3) High-level Decision Makers often not Technically Sound

The people making the high-level cyber security decisions are often not technically sound.

The “wait until something bad happens” mentality compounds this problem, and then being forced to implement something to “stop the bleeding quickly” makes it worse.

The combination of a lack of skills and the need to implement quick fixes is not good for overall security, but it will allow checking off some box saying “We Responded.”


Thanks Richard!

________________________________________________

This newsletter is Copyright © 2007 by Demopoulos Associates, Durham, New Hampshire, USA.  All rights are reserved, except that it may be freely redistributed if unmodified.

Sharing securITy is encouraged if the copyright and attribution are included.
