Focus on business security, not compliance: CSO
- 03 August, 2012 15:55
- Comments
Tenable Network Security CSO, Marcus Ranum.
Enterprises are too focused on meeting security standards such as payment card industry (PCI) compliance rather than implementing configuration management, business resumption and fault tolerance, according to a security expert.
Speaking to CSO Australia at the Cyber Security Summit in Sydney, Tenable Network Security US chief security officer, Marcus Ranum, said management and IT executives needed to start treating attempted external hacks as another fault and include security in the context of a business problem.
“PCI compliance is something that any organisation with a clue about security would have been doing all along,” he said. “CSOs need to be questioning prevailing trends and not follow what everyone else is doing.”
In addition, Ranum said the information security industry was “stuck in the crosshairs” of trends such as reduced budgets due to the development of more intelligent security systems.
“You can have an anti-virus system or application firewall that does a pretty good job because it’s executing the standard knowledge base against a static system,” he said.
“Because we were able to get things to work pretty well with these kinds of knowledge based [security] systems we’re getting pressure from management to do more with less.”
However, this also meant malware was getting more sophisticated -- to the point where it required a dedicated response team of generalist security staff.
“One of the things I’m seeing is that organisations are patting themselves on the back and saying they’ve taken care of the problem but then they’re getting owned by some piece of malware,” he said.
“These organisations are then spending huge amounts of money on forensics and incidence response.”
Follow @CSO_Australia and sign up to the CSO Australia newsletter.
Related Articles
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Bookmark this page
- Share this article
- Got more on this story? Email CIO
- Follow CIO on twitter
- Australian Red Cross Blood Service Enhances the Performance of Its Mission-Critical Applications
- Bandwidth Bandits
- Seeing the Forest for the Trees - A Systematic Approach to Application Performance Monitoring
- Managing Web Security in an Increasingly Challenging Threat Landscape
- Trend Micro Endpoint Comparative Report Performed by AV-Test.org
-
Spiceworks' free management software gets integrated MDM
-
Opinion: Why national e-health is not for everyone
-
Opinion: Why national e-health is not for everyone
-
Opinion: Why national e-health is not for everyone
-
Opinion: Why national e-health is not for everyone
-
BYOD and Beyond - Implementing a Unified Access Solution
The rise of BYOD programs is the single most radical shift in the economics of client computing for business since PCs invaded the workplace. Whether you are contemplating the creation of a BYOD program or currently trying to establish one, this fact cannot be overstated. Find out how to overcome these challenges. -
NetApp FAS6240 Clustered SAN Champion of Champions
Storage systems today must match agility with diversified I/O performance to satisfy an enterprise’s changing needs. In their review, Silverton Consulting ranks the NetApp FAS6240 Clustered SAN, as an Enterprise OLTP “Champion of Champions.” Read the results of their benchmark testing and the features that impressed them the most. -
Bring Your Own Device FAQs
This report covers the frequently asked questions associated with the implications of BYOD devices in the workplace. Any solution in this space needs to be built on simplicity, scalability and security. Click to find out how to address the IT security challenges.
Get exclusive access to Invitation only events CIO, reports & analysis. 
