Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Failure of Information Security

Posted by ryuzaki0 on from the everyone-is-happy-until-something-breaks dept.

Noam Eppel writes to share a recent editorial regarding the current state of information security. From the article: "It is time to admit what many security professional already know: We as security professional are drastically failing ourselves, our community and the people we are meant to protect. Too many of our security layers of defense are broken. Security professionals are enjoying a surge in business and growing salaries and that is why we tolerate the dismal situation we are facing. Yet it is our mandate, first and foremost, to protect."

2 of 172 comments (clear)

  1. Sounds a bit harsh to me by giorgiofr · · Score: 5, Interesting

    We as security professional are drastically failing ourselves, our community and the people we are meant to protect.

    This is quite harsh. While it is true that more could be done, it also true that it is thanks to security professionals that things are not as bad as they could be. Yeah, Norton and McAfee are doing their best to scare consumers into buying software that provides ridiculous security. But this is not what we mean by "professionals".
    Also, I am not a "security professional" but I have done my fair share of configuring and securing other people's computers; sometimes thay might have been compromised anyway, but if I had done nothing, many more systems would have been at danger.
    The article lists a long series of threats that endanger our systems everyday - but I fail to see how they are related to security professionals not doing their job. I'd rather blame the criminals.

    --
    Global warming is a cube.
  2. Corporate mentality by Aceticon · · Score: 5, Interesting

    The management level corporate posture towards IT security goes like this:
    - We want to have our machines and network secure as long as it doesn't cause too much hassle to people and we don't pay a lot for it.

    In other words, forget about big hardware changes, forget about changing the OS/E-mail client/Word editor/Web browser on the desktops of the staff, forget about getting all laptop users in their own sub-network and forget about retraining our staff to use computers in a way that helps improve our IT security. Oh, and by the way, if the CEO or some other VIP has some funky new program on his laptop that can't connect to the Net, just open those ports in the firewall.

    And now IT Security professionals are to blame?

    What's next? Maybe the cleaning lady at Enron was the one responsible for defrauding the investors????