Where Does It End?
In contemplating the question "So where does all this end?" there is good news and bad news. The bad news is that it never ends. We will always need to think about security. We will always need to update, modify, enhance, and grow our practices, technologies, and knowledge. We will always need to have a security staff, train our end-users, and be mindful of the evil, fang-toothed malefactors knocking at our doors.
The good news is that, if we do it right, effectively maintaining security from here until the end of time should be relatively easy and inexpensive. As has been proven time and again, companies that begin with and maintain good security practices can go hackerless for
Sunny Skies Ahead
Before we begin discussing the principles behind the security mind, it is important that we all agree on one major concept: It will never end. No matter how good our security is, it will always need to be
Just as it is important to understand that security is an ongoing process, it is equally important to understand that maintaining good security practices does not have to be an ongoing struggle. No doubt about it, securing an organization can be difficult in the beginning. However, the
Don't get discouraged while reading the latest magazine article reporting that even the FBI is getting hacked. And don't let the
Chapter 2. A New Look at Information Security
Security as an Art Form
Security is a very different world than that of networking, systems, engineering, and other
Ever wonder why security systems and services seem to cost so much more than other services? Ever
The Youngest of the IT Practices
Information security, as a widely recognized practice, has only been known to the public for about a
Of course, this was not the first information security incident to occur, but it was
Information security is just now reaching the stage where it has sprung legs and is making great leaps forward. All around the world, information security professionals, high-tech companies, and even some government agencies are racing forward in an attempt to keep one second ahead of the hacker community, dragging the security of the common company slowly in their wake.
Still, at any moment of any day, you can sit at your desk with a digital subscriber line (DSL) connection to the Internet and find vulnerable systems around the world within a matter of minutes or hours. Every day, new organizations are implementing one-time security measures without adopting good security practices and are left, unknowingly, with useless toys "protecting" their network. These are signs that security, though making incredible strides, has yet to truly mature beyond the boasting hype of
The Most Dynamic IT Practice
It can be easily argued that security is one of the most dynamic fields we have ever seen within IT. Several facts
Looking at the extremely dynamic nature of information security tends to send many would-be security
To properly assess and apply security in any environment, a global approach must be taken, transcending the millions of detailed security facts at hand. This, for many professionals and organizations, can be quite difficult to assimilate. Because it is impossible to stay secure when all eyes are on the firewall, the intrusion detection system (IDS), or the event viewer, people can be left with a very
And About Those Humans
This may not be the most obvious of considerations, but it is one of the most powerful elements shaping the practice of security worldwide. In the history of IT, the focus has almost always been on human vs. machine. A programmer will sit in the corner and beat his or her head against the monitor for hours while trying to make the computer act in a new and improved way. A network engineer consoles into his or her router for days on end trying to change the way in which the traffic flows between devices. In both of these cases, it is a story of a human pitted against a machine in a battle of wits and determination, a classic struggle between the creative and the logical.
But the world of information security is dramatically different. Sure, we have the computers and devices to contend with, but the true