Thursday 12 March 2009

The one-problem-at-a-time problem...

My wife tells me that, as a man, I have trouble focusing on more than one thing at a time. The IT industry consists mostly of men (unfortunately), and (if my wife is right) that explains why we seem to concentrate on one security issue at a time... and then solve one security problem at a time with a point product. When I grew up and bought my first stereo, I learned that there was no need to buy the best speakers in the world if I could not afford to buy the best receiver. The quality of the output would never be better than the most inferior part of the system. The same applies to security systems: why have the best firewall in the world if you do not have an authentication system? What is the use of an authentication system if you do not have an access management system? And what is the use of having all that if you then open ports in the firewall for uncontrolled access to email on mobile phones, and so on? The sad truth is that if there is a hole in your defence, an attacker will find it and exploit it; it is only a question of time.

Conclusion: Do not solve security problems "one problem at a time". To be secure, you need a holistic view of the problems, and you must make sure that the need for security is balanced with the TOTAL cost and the needs of the operations. Otherwise you will end up with a good fence but a lousy door.

2 comments:

Gilles Gravier said...

Other possible conclusion: Hire women in your IT security staff (and everywhere else). Plus, they tend to think less with their gonads, more with their brains. They tend to handle stress better than men.

Goran Marby said...

I agree... but I wonder why they do not want to work with people like us.