[ISN] One Third Of Security Pros Not Practicing What They Preach

From: InfoSec News <alerts_at_private>
Date: Tue, 30 Aug 2011 02:23:29 -0500 (CDT)
http://www.darkreading.com/advanced-threats/167901091/security/security-management/231600409/one-third-of-security-pros-not-practicing-what-they-preach.html

By Kelly Jackson Higgins
Dark Reading
Aug 29, 2011

Most security pros at businesses and government agencies have talked to 
their senior managers about the recent high-profile breaches at Sony, 
RSA, and Citigroup, but fewer than one-fourth of them have taken any 
further action.

That's the consensus of a survey of attendees at the recent Gartner 
Security & Risk Management Summit that Tenable Network Security 
independently conducted there. More than 90 percent say they spoke with 
upper management about the latest attacks, but only 23 percent made any 
changes to their security infrastructure or took any additional steps. 
Tenable plans to announce those findings this week.

"It's a lot easier to keep running your traditional security tools. 
People have a comfort with their tools even though they know something 
is out there," says Ron Gula, CEO and CTO at Tenable. "They've got some 
technical footprint, a compliance program ... and they feel they are 
okay."

Gula says the difficulty with reacting to the next big threat wave is 
that it's often not realistic to make any major changes to an 
organization's infrastructure. "Changing access control for employees, 
changing the technology" or enacting draconian security measures just 
isn't realistic every time a new breach is publicized, he says.

[...]


Received on Tue Aug 30 2011 - 00:23:29 PDT
