Focus on business security, not compliance: CSO
- 03 August, 2012 15:55
- Comments
Tenable Network Security CSO, Marcus Ranum.
Enterprises are too focused on meeting security standards such as payment card industry (PCI) compliance rather than implementing configuration management, business resumption and fault tolerance, according to a security expert.
Speaking to CSO Australia at the Cyber Security Summit in Sydney, Tenable Network Security US chief security officer, Marcus Ranum, said management and IT executives needed to start treating attempted external hacks as another fault and include security in the context of a business problem.
“PCI compliance is something that any organisation with a clue about security would have been doing all along,” he said. “CSOs need to be questioning prevailing trends and not follow what everyone else is doing.”
In addition, Ranum said the information security industry was “stuck in the crosshairs” of trends such as reduced budgets due to the development of more intelligent security systems.
“You can have an anti-virus system or application firewall that does a pretty good job because it’s executing the standard knowledge base against a static system,” he said.
“Because we were able to get things to work pretty well with these kinds of knowledge based [security] systems we’re getting pressure from management to do more with less.”
However, this also meant malware was getting more sophisticated -- to the point where it required a dedicated response team of generalist security staff.
“One of the things I’m seeing is that organisations are patting themselves on the back and saying they’ve taken care of the problem but then they’re getting owned by some piece of malware,” he said.
“These organisations are then spending huge amounts of money on forensics and incidence response.”
Follow @CSO_Australia and sign up to the CSO Australia newsletter.
Related Articles
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Bookmark this page
- Share this article
- Got more on this story? Email CIO
- Follow CIO on twitter
-
Spiceworks' free management software gets integrated MDM
-
Opinion: Why national e-health is not for everyone
-
Opinion: Why national e-health is not for everyone
-
Opinion: Why national e-health is not for everyone
-
Opinion: Why national e-health is not for everyone
-
Endpoint Security and Virtualisation
Besides form factor, virtual systems are not really that different than physical systems. They both use the same operating systems and applications. They both present users with computing resources such as RAM and hard drives. Consequently, the ability to exploit vulnerabilities in a physical environment will present a significant threat to virtualised environments as well. This paper examines the different endpoint security methods for virtualised environments and presents how Endpoint Protection security provides optimal performance, protection and manageability. -
Advanced Targeted Attacks
The new threat landscape has changed. Cybercriminals are aggressively pursuing valuable data assets, such as financial transaction information, product design blueprints, user credentials to sensitive systems, and other intellectual property. Simply put, the cyber offense has outpaced the defensive technologies used by most companies today. Find out more on how to protect against the next generation of cyber-attacks. -
CSO Spotlight: Security-as-a-Service Gaining Popularity
Organizations that are looking for security features including identity management, encryption and access control — and at the same time want to take advantage of the cost and flexibility benefits of the cloud —might check into security-as-a-service offerings available now from several vendors. Download now to find out more.
Get exclusive access to Invitation only events CIO, reports & analysis. 
