Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Secure to the Core

Enemies Inside the Gates

Cautionary tales of Internet hackers extraordinaire and other dangers lurking in the Web forest have led us down the path of constructing steel doors in open fields. The emphasis has been on the doors, rather than on what they are protecting. Truth No. 2: We must become less perimeter-centric and more asset-centric, because the reality is we can't protect it all.

Security Program Structure
click to enlarge

Without a firm grasp of what we're guarding, where it resides and how valuable it is, how can we hope to quantify necessary levels of protection, much less achieve them? Without open lines of communication between IT and business units, how can security teams quantify the true threat to digital assets?

Unfortunately, when it comes to assets, the problem lies with the business and security teams; most business operators know little about infosec, and infosec practitioners know little about the business. Without a better understanding, a common ground will not be found.

In a cost-conscious economy, organizations don't need more expensive security controls, they need more effective ones. It's time to regroup, re-evaluate, and make 2003 the year holistic strategies take center stage.
Infosec Triage

  • 1