http://www.darkreading.com/advanced-threats/167901091/security/security-management/231600409/one-third-of-security-pros-not-practicing-what-they-preach.html

By Kelly Jackson Higgins
Dark Reading
Aug 29, 2011

Most security pros at businesses and government agencies have talked to their senior managers about the recent high-profile breaches at Sony, RSA, and Citigroup, but fewer than one-fourth of them have taken any further action.

That's the consensus of a survey of attendees at the recent Gartner Security & Risk Management Summit that Tenable Network Security independently conducted there. More than 90 percent say they spoke with upper management about the latest attacks, but only 23 percent made any changes to their security infrastructure or took any additional steps. Tenable plans to announce those findings this week.

"It's a lot easier to keep running your traditional security tools. People have a comfort with their tools even though they know something is out there," says Ron Gula, CEO and CTO at Tenable. "They've got some technical footprint, a compliance program ... and they feel they are okay."

Gula says the difficulty with reacting to the next big threat wave is that it's often not realistic to make any major changes to an organization's infrastructure. "Changing access control for employees, changing the technology" or enacting draconian security measures just isn't realistic every time a new breach is publicized, he says.

[...]

Received on Tue Aug 30 2011 - 00:23:29 PDT