RE: Letter to the editor - Token effort on IT security

[InfoSec News <isn () c4i org>]

Forwarded from: Gary Hinson CCCL <Gary.Hinson () CCCL net>

I sympathise with the comments.

All too often, infosec is under-resourced, meaning that the wonderful
and not-so-wonderful system controls are often under-used in practice.  
The blame is manifold e.g. senior management often don't understand
infosec and don't appreciate the risks they are running; infosec staff
are not usually adept at justifying their important work in business
(commercial) terms, so they lose out in funding; and infosec is 'new',
newer even than IT, so standard practice has not yet
developed/stabilised.

A good rule-of-thumb: there should be at least as many infosec staff
as security guards (with big feet and fluorescent jackets!).  Any
company that has seriously valuable/sensitive data clearly needs more!

Gary.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.