IT security needs a new metaphor

IT security managers are rethinking their approaches to security in large organisations and re-evaluating upcoming threats.

John Riley

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

IT security managers are rethinking their approaches to security in large organisations and re-evaluating upcoming threats.

It is no longer fashionable to regard security as a fortress to keep people out. The new analogy is an airport, where anyone can enter, but access to different areas is then strictly policed by a series of checks and controls.

John Stewart of Signify, an IT security consultancy, outlined five areas of IT security when he spoke to IT directors at September's BCS Elite Conference.

The role of the immigration officers, inspecting credentials and deciding who is allowed in, is played by firewalls. Identity management is the passport office, which issues and verifies those credentials. Content security equates to the x-ray machines used to check luggage; encryption is the diplomatic bag that ensures confidential documents are not snooped on; and intrusion detection is the CCTV that monitors all activity and spots threats.

Although simplistic, this kind of analogy is ideal for communicating ideas about security, especially to business managers, for whom it is a turn-off topic on the wrong side of the balance sheet.

Take virus and worm protection. Having persuaded managers to invest in e-mail protection, we need more than just technical arguments to win the cash needed to tackle future threats of, say, malicious code seeping through web browsers when XML applications hit the desktops.

IT directors and managers will increasingly need to learn how to shape their arguments to address business fears: damage to reputation, loss of current or future business, and court action.

The finance sector, now under intense regulatory pressure to measure operational risk, is setting the pace. What it does now will eventually affect all sectors. Now is the time to start preparing those metaphors and analogies.

This was last published in October 2003

Read more on IT risk management

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.