Slashdot Mirror


Information Security Fundamentally Wrong?

Joep Gommers writes to share his look at why the current approach to information risk mitigation is fundamentally wrong. Detection of an intrusion (incident) consists of three stages: Information Gathering, Information Processing and Information Reporting. If we look at the way we currently put these three stages together, we see that efficiency, and therefore the percentage of possible accomplished risk mitigation, is poor. He claims that if every step taken in order to detect an incident is 50% efficient, we will end up with thousands of dollars in firewalls, IDS, event correlators, and outsourced security processes and very little progress in security. The article is noted as a draft, but it is still some interesting food for thought.

2 of 35 comments

  1. So... by Otter · Score: 3, Funny

    So, if you multiply some completely arbitrary numbers together and then multiply some wholly imaginary numbers together, the arbitrary numbers for real technology come out lower than the imaginary numbers for imaginary technology? Wow, I'm impressed!

    1. Re:So... by Anonymous Brave Guy · Score: 2, Funny

      I think your explanation might be a bit complex...

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.