Information Security News mailing list archives

IT security needs a new metaphor


From: InfoSec News <isn () c4i org>
Date: Wed, 5 Nov 2003 03:16:50 -0600 (CST)

http://www.computerweekly.com/articles/article.asp?liArticleID=126095

by John Riley 
4 November 2003 

IT security managers are rethinking their approaches to security in 
large organisations and re-evaluating upcoming threats. 

It is no longer fashionable to regard security as a fortress to keep 
people out. The new analogy is an airport, where anyone can enter, but 
access to different areas is then strictly policed by a series of 
checks and controls.

John Stewart of Signify, an IT security consultancy, outlined five 
areas of IT security when he spoke to IT directors at September's BCS 
Elite Conference.

The role of the immigration officers, inspecting credentials and 
deciding who is allowed in, is played by firewalls. Identity 
management is the passport office, which issues and verifies those 
credentials. Content security equates to the x-ray machines used to 
check luggage; encryption is the diplomatic bag that ensures 
confidential documents are not snooped on; and intrusion detection is 
the CCTV that monitors all activity and spots threats.

Although simplistic, this kind of analogy is ideal for communicating 
ideas about security, especially to business managers, for whom it is 
a turn-off topic on the wrong side of the balance sheet.

Take virus and worm protection. Having persuaded managers to invest in 
e-mail protection, we need more than just technical arguments to win 
the cash needed to tackle future threats of, say, malicious code 
seeping through web browsers when XML applications hit the desktops.

IT directors and managers will increasingly need to learn how to shape 
their arguments to address business fears: damage to reputation, loss 
of current or future business, and court action.

The finance sector, now under intense regulatory pressure to measure 
operational risk, is setting the pace. What it does now will 
eventually affect all sectors. Now is the time to start preparing 
those metaphors and analogies.  



-
ISN is currently hosted by Attrition.org
