One of the chief obstacles to IT security isn't a Windows vulnerability, a zero-day attack, or a shortage of budget dollars. It's that @#&$!* 90-minute staff meeting, or the three-page "status report" that nobody ever reads.
That's one of the key messages that security professionals conveyed to us in Dark Reading's "A Day in the Life of a Security Pro," which was completed today.
Administrative stuff -- including paperwork, meetings, report generation, and the like -- takes up a disproportionate part of security staffers' days, respondents say. And the time spent on these tasks actually reduces those staffers' ability to do real vulnerability assessment, and may actually leave the organization less secure.
"Every morning I must sort and distribute reports, forms, and letters that were produced from nightly processing," complains an IT specialist in the federal government who asked to remain anonymous. "This can take from 30 minutes to four hours, depending on the day of the week, month, or year." With few security specialists in the department, "I think my time would be better spent elsewhere," he says.
Get the full story at Dark Reading.