Written by David Torre
Page 1 of 4

INTRODUCTION
Before I begin, allow me to present a simple question: Who is responsible for information security in your organization? Before you raise your hand, take a look at any one of the recent security vulnerabilities. (From Adobe to Zimbra, there are plenty to choose from.) Now ask yourself: if your organization were to be compromised through any one of those vulnerabilities, who should be held accountable? Should it be you, the security engineer, or Adobe? Should it be you, the systems administrator, or Cisco? Perhaps a better question is: who would your boss hold accountable? Questions such as these are often left unanswered, leaving IT management with broad security expectations for local employees.
While defining security responsibilities is standard procedure for consultants, security staff employed by corporate IT departments may not have it so easy. Oftentimes, corporate security administrators and general security engineers are simply expected by management to “keep everything secure.” After all, isn't that what companies pay security people to do?
Of course, we all know that keeping everything secure just isn't practical. Accordingly, security experts must fall back on traditional risk management techniques, opting to defend against likely threats over improbable ones. In other words, it's all about prioritization. So while management surreptitiously chuckles at the logistical nightmare they've presented to us security folk, we forge ahead in stride, defending the company's crown jewels with the few marginal resources afforded to us. However, this process isn't entirely a somber affair. Once the high-priority items to protect have been identified, it's time to go shopping for firewalls and other security goodies, an endeavor that brings joy to geeks of all denominations.
Last Updated on Saturday, 21 November 2009 09:22