IT security needs a new metaphor
IT security managers are rethinking their approaches to security in large organisations and re-evaluating upcoming threats.



From forensic cyber to encryption: InfoSec17
Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
It is no longer fashionable to regard security as a fortress to keep people out. The new analogy is an airport, where anyone can enter, but access to different areas is then strictly policed by a series of checks and controls.
John Stewart of Signify, an IT security consultancy, outlined five areas of IT security when he spoke to IT directors at September's BCS Elite Conference.
The role of the immigration officers, inspecting credentials and deciding who is allowed in, is played by firewalls. Identity management is the passport office, which issues and verifies those credentials. Content security equates to the x-ray machines used to check luggage; encryption is the diplomatic bag that ensures confidential documents are not snooped on; and intrusion detection is the CCTV that monitors all activity and spots threats.
Although simplistic, this kind of analogy is ideal for communicating ideas about security, especially to business managers, for whom it is a turn-off topic on the wrong side of the balance sheet.
Take virus and worm protection. Having persuaded managers to invest in e-mail protection, we need more than just technical arguments to win the cash needed to tackle future threats of, say, malicious code seeping through web browsers when XML applications hit the desktops.
IT directors and managers will increasingly need to learn how to shape their arguments to address business fears: damage to reputation, loss of current or future business, and court action.
The finance sector, now under intense regulatory pressure to measure operational risk, is setting the pace. What it does now will eventually affect all sectors. Now is the time to start preparing those metaphors and analogies.
Read more on IT risk management
-
Why businesses must think like criminals to protect their data
-
Security Think Tank: Use awareness, education and controls to halt cryptojacking
-
Security Think Tank: Awareness is a good starting point to counter fileless malware
-
Security Think Tank: Human, procedural and technical response to fileless malware
Start the conversation
0 comments