
IT Unmasked


The Security Delusions of Compliance

Posted by Michael Vizard Dec 21, 2009 4:59:19 PM

All too often, there is a tendency to measure security in terms of compliance. Unfortunately, the definition of compliance with any particular regulation usually comes down to meeting the bare minimum requirements. The end result is that while thousands of organizations can meet compliance requirements, very few of them are actually secure.


As we gear up for 2010, a lot of organizations that are laboring under an illusion of security today are about to discover how insecure they really are. This is because, as Sentrigo CTO Slavik Markovich points out, the bad guys are adopting automation tools at a faster rate than the good guys. Botnets are about to get more sophisticated, which means they will be able to exploit newly disclosed vulnerabilities faster than ever, often before the organizations running the affected systems have patched them.


And just to make things even more challenging, Markovich says he expects to see cases where criminal organizations go to the trouble and expense of planting moles inside high-value targets to obtain credentials and security codes. After all, if three months working as a janitor is what is required to gain access to million-dollar accounts, Markovich points out that there is no shortage of criminal accomplices willing to do a little manual labor.


None of this means that IT organizations should give up on security. But it does mean that they should focus more on reducing the attack surface of the data they hold. That means retaining only the data your organization actually needs, and getting rid of, for example, credit card data as soon as the transaction no longer requires it. Data you no longer store cannot be stolen, whether by a botnet or by a mole with a mop.
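As an added example (not part of the original post, and not Sentrigo's or the author's code), the following Python script shows what "getting rid of credit card data as soon as possible" looks like in practice: it scans stored records for primary account numbers that should no longer be there, using the Luhn checksum to separate real PAN-like values from other long digit runs, and it shows the replacement that a retention job would apply, keeping only an HMAC token and the last four digits. The sample records, the HMAC key, and the `tok_` prefix are constructed for the example; the card numbers are the standard Visa and Mastercard test numbers, not real accounts.

```python
import hashlib
import hmac
import re

# Constructed sample records, the sort of thing a retention review turns up
# in an order log. The 16-digit values are industry test numbers, not real cards.
SAMPLE_RECORDS = [
    "2009-12-21 order=1001 card=4111111111111111 exp=12/11 amount=49.99",
    "2009-12-21 order=1002 card=5500000000000004 exp=03/12 amount=120.00",
    "2009-12-21 order=1003 ref=4111111111111112 amount=5.00",   # fails Luhn: not a PAN
    "2009-12-21 order=1004 token=tok_8f3a9c amount=15.00",       # already tokenized
]

# Hypothetical secret used to derive lookup tokens; in production this lives in
# a key store, not in source. Any fixed key makes tokens stable across runs.
TOKEN_KEY = b"example-only-not-a-real-key"

# Card numbers are 13 to 19 digits; word boundaries keep us off timestamps and amounts.
PAN_CANDIDATE = re.compile(r"\b\d{13,19}\b")


def luhn_valid(digits):
    """Return True if the digit string passes the Luhn checksum (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return the digit runs in text that look like PANs and pass Luhn."""
    return [m.group(0) for m in PAN_CANDIDATE.finditer(text) if luhn_valid(m.group(0))]


def tokenize_pan(pan, key=TOKEN_KEY):
    """Derive a keyed, non-reversible token so records can still be correlated."""
    digest = hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()
    return "tok_" + digest[:16]


def redact_pan(text, key=TOKEN_KEY):
    """Replace each Luhn-valid PAN with its token plus the last four digits.

    Digit runs that fail Luhn (order references, tracking numbers) are left alone.
    """
    def _replace(match):
        pan = match.group(0)
        if not luhn_valid(pan):
            return pan
        return tokenize_pan(pan, key) + "_last4=" + pan[-4:]
    return PAN_CANDIDATE.sub(_replace, text)


def retention_report(records):
    """List (record, [pans]) for every record that still holds full card data."""
    findings = []
    for rec in records:
        pans = find_pans(rec)
        if pans:
            findings.append((rec, pans))
    return findings


if __name__ == "__main__":
    for rec, pans in retention_report(SAMPLE_RECORDS):
        print("RETAINED PAN:", pans, "in:", rec)
        print("  rewritten as:", redact_pan(rec))
```

Two findings are expected from the sample set (orders 1001 and 1002); order 1003 is skipped because its digit run fails the checksum, and order 1004 was already tokenized. The point of tokenizing with an HMAC rather than a plain hash is that a sixteen-digit PAN has too little entropy to survive an offline brute force of an unkeyed hash; with the key held separately, the stored token is useless to whoever walks off with the database.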


Only about 10 percent of security has anything to do with technology. The vast majority is related to policies and procedures. As is common everywhere, cyber-criminals are exploiting human frailties through what is commonly called social engineering. The challenge that IT organizations will face in 2010 is how to work around those human frailties to better secure their organizations.

Dec 22, 2009 1:10 PM Guest Dwayne Melancon says:

Good summary, Mike. The tricky thing about "compliance" is it often measures how well you document your policies and follow them - it doesn't necessarily test to see how good your policies actually are, nor how well you follow them beyond the pretty reports you show the auditors. In other words, it's kind of like getting a "Perfect Attendance" award at school - you were there, but that doesn't mean you didn't sit in the back of the class and goof off all year.
