Security Spending in All the Wrong Places
Peter Tippett, VP of risk management at Verizon, chief scientist at ICSA Labs and a developer of anti-virus programs, thinks we're not paying attention to the data on what is and isn't an effective allocation of security resources. Dark Reading has a sobering thought from him:
"A large part of what we [security pros] do for our companies is based on a sort of flat-earth thinking," Tippett said. "We need to start looking at the earth as round."
Wait a minute, where does he come off saying that?
He's been looking at the data, that's where. He finds problems with the concept of protecting the individual computer in organizations with thousands of them: we end up with a weakest-link problem. He also argues against trying to get products that are 100% secure:
"automobile seatbelts only prevent fatalities about 50 percent of the time. Are they worthless? Security products don't have to be perfect to be helpful in your defense."
The flip side of the problem is that doing something correctly 100% of the time doesn't necessarily make you secure if you're doing the wrong thing. So where should we put our security resources? Tippett says security awareness is a good bet.
Some other studies mentioned in the blog point to the security awareness problem, at least for small and midsized businesses. We'll have an article on end user security awareness coming soon to the Messaging and Web Security Essential Series, Volume 3.



