NASA security failings highlight the need for IT security education

The IT security failings at NASA revealed by a US government audit show that almost every IT manager has something to learn

The IT security failings at NASA revealed by a US government audit show that almost every IT manager has something to learn, according to experts.

The audit carried by the US Office of the Inspector General (OIG) revealed that servers on NASA's agency-wide mission network have high-risk vulnerabilities that can be exploited from the internet.

"Regardless of the level of technical expertise - and you would expect the skills of NASA's IT professionals to be second to none - no one organisation can be expected to be truly confident that their IT systems are protected against the latest hybridised attacks," said Claire Sellick, event director with Infosecurity Europe.

It is clear that even the largest IT security suppliers are having trouble keeping up with a rising tide of new daily and zero-day threats and that security professionals need all the help they can to stay ahead of the cybercriminals, she said.

Sellick, whose team is finalising plans for the Infosecurity Europe 2011 Show at Earls Court, London from 19 to 21 April, said that the NASA security shortcomings show how critical education is in the IT industry.

This is one of the reasons why the event will feature a free education programme that includes presentations in the keynote, business strategy and technical theatres.

Keynote presentations will address the security issues and pressures that organisations face in an increasingly mobile and global working environment, strategy sessions will include the dangers of mobile devices and social media, and the technical sessions include topics like a real world view of organised crime.

As the NASA security failings show, it is a nearly impossible task to make your IT systems 100% resilient against external attack, said Sellick.

"What our free show educational sessions will allow, however, is to bring any IT security professional quickly and efficiently up to speed on the latest threats - and solutions to those threats - allowing them to return to the workplace, ready to develop their own advanced security strategies," she said.

Read more on IT strategy