
How to Run Your Security Program Into the Ground

I enjoy true stories that leave me feeling "there is no way anyone could be making this up." A case in point is a story in ComputerWorld's Shark Tank about a CIO who has a problem listening to staff about security issues.

The result is Web site defacement, hole-riddled firewalls, and malware-infected servers. The organization had security measures in place at one time - take the now non-functioning IPS as an example. Too bad the budget for security didn't cover fixing the IPS. Seriously, I understand the need to meet business requirements, but confidentiality, integrity and availability are business requirements.

This is a case where the CIO's proposed solution isn't likely to work:


"Make the support manager the security officer," reports fish. "This is, of course, the same person who isn't invited to the meetings and whose objections are ignored."

Another example of us being our own worst enemy.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net