Feature

IT security needs a new metaphor

IT security managers are rethinking their approaches to security in large organisations and re-evaluating upcoming threats.

It is no longer fashionable to regard security as a fortress to keep people out. The new analogy is an airport, where anyone can enter, but access to different areas is then strictly policed by a series of checks and controls.

John Stewart of Signify, an IT security consultancy, outlined five areas of IT security when he spoke to IT directors at September's BCS Elite Conference.

The role of the immigration officers, inspecting credentials and deciding who is allowed in, is played by firewalls. Identity management is the passport office, which issues and verifies those credentials. Content security equates to the x-ray machines used to check luggage; encryption is the diplomatic bag that ensures confidential documents are not snooped on; and intrusion detection is the CCTV that monitors all activity and spots threats.

Although simplistic, this kind of analogy is ideal for communicating ideas about security, especially to business managers, for whom it is a turn-off topic on the wrong side of the balance sheet.

Take virus and worm protection. Having persuaded managers to invest in e-mail protection, we need more than just technical arguments to win the cash needed to tackle future threats of, say, malicious code seeping through web browsers when XML applications hit the desktops.

IT directors and managers will increasingly need to learn how to shape their arguments to address business fears: damage to reputation, loss of current or future business, and court action.

The finance sector, now under intense regulatory pressure to measure operational risk, is setting the pace. What it does now will eventually affect all sectors. Now is the time to start preparing those metaphors and analogies.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in October 2003

 

COMMENTS powered by Disqus  //  Commenting policy