[ISN] IT security needs a new metaphor

From: InfoSec News (isn@private)
Date: Wed Nov 05 2003 - 01:16:50 PST

    http://www.computerweekly.com/articles/article.asp?liArticleID=126095
    
    by John Riley 
    4 November 2003 
    
    IT security managers are rethinking their approaches to security in 
    large organisations and re-evaluating upcoming threats. 
    
    It is no longer fashionable to regard security as a fortress to keep 
    people out. The new analogy is an airport, where anyone can enter, but 
    access to different areas is then strictly policed by a series of 
    checks and controls.
    
    John Stewart of Signify, an IT security consultancy, outlined five 
    areas of IT security when he spoke to IT directors at September's BCS 
    Elite Conference.
    
    The role of the immigration officers, inspecting credentials and 
    deciding who is allowed in, is played by firewalls. Identity 
    management is the passport office, which issues and verifies those 
    credentials. Content security equates to the x-ray machines used to 
    check luggage; encryption is the diplomatic bag that ensures 
    confidential documents are not snooped on; and intrusion detection is 
    the CCTV that monitors all activity and spots threats.
    
    Although simplistic, this kind of analogy is ideal for communicating 
    ideas about security, especially to business managers, for whom it is 
    a turn-off topic on the wrong side of the balance sheet.
    
    Take virus and worm protection. Having persuaded managers to invest in 
    e-mail protection, we need more than just technical arguments to win 
    the cash needed to tackle future threats of, say, malicious code 
    seeping through web browsers when XML applications hit the desktops.
    
    IT directors and managers will increasingly need to learn how to shape 
    their arguments to address business fears: damage to reputation, loss 
    of current or future business, and court action.
    
    The finance sector, now under intense regulatory pressure to measure 
    operational risk, is setting the pace. What it does now will 
    eventually affect all sectors. Now is the time to start preparing 
    those metaphors and analogies.  
    
    
    
    -
    ISN is currently hosted by Attrition.org
    