« Storage Expo emphasis on data protection and security | Main | ROI from Cloud Computing »

Threat reports threats to credibility

KingS What do you think the outcome would be if you put security experts from Symantec, McAfee, ISS, Secure Computing, and SPI Dynamics into the same room and asked them each what they'd like to see written into a report telling the world what the latest Cyber Security Threats are? The result is the GTISC Cyber Threats Report, a report with about as much credibility as if they'd held a seance or read palms in order to decide what to write.

Oh look, just by coincidence between them all the experts present sell solutions for most of the problems being described. Now there's a thing!

The report has also been picked up by the BBC who see fit to publish this piece of FUD for consumption by the general public.

The industry is full of threat reports, statistics, white papers and experts galore employed by vendors to tell us what the threats are and what we need to be doing about them. "Buy more stuff - preferably our stuff. If you don't buy our stuff then don't be surprised to find you're stuffed!" The difficulty is not in deciphering what all this information is telling us but what it is not telling us. A salesman is hardly going to be telling you what his product doesn't do.

Expert opinion such as that presented by the GTISC Cyber Threats Report is a waste of ink and paper. Want a decent opinion on what's important in security? Here's a few links for you

IT Security: The view from here http://robnewby.blogspot.com/

Mike Rothman's Security Incite: http://securityincite.com/blog/mike-rothman/

Jeremiah Grossman: http://jeremiahgrossman.blogspot.com/

Info Security Advisor: http://www.infosecurityadvisor.com/general_blog

David Lacey: http://www.computerweekly.com/blogs/david_lacey/




Bookmark and Share


Posted by Stuart King on October 18, 2008 2:58 PM
| View blog reactions

TrackBack

TrackBack URL for this entry:
http://www.computerweekly.com/cgi-bin/mt/mt-tb.cgi/38697

Comments (2)

Anonymous:

The links for this year's Georgia Tech report is actually http://www.gtisc.gatech.edu/pdf/CyberThreatsReport2009.pdf, and the panel this year was larger and slightly more diverse, including PayPal's CISO and Equifax's VP of Security Investigations

Posted by Anonymous | October 22, 2008 5:40 PM

Posted on October 22, 2008 17:40

Mike Gillespie:

I could not have said it better myself. There appears to be a glut of security resellers out there prepared to make quite outragious claims against their products. Technology must start being seen as an enabler and not a solution!

Posted by Mike Gillespie | October 23, 2008 12:23 PM

Posted on October 23, 2008 12:23

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Search


About

This page contains a single entry from the blog posted on October 18, 2008 2:58 PM.

The previous post in this blog was Storage Expo emphasis on data protection and security.

The next post in this blog is ROI from Cloud Computing.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]