On Being Proactive

As early man went through his hunter-gatherer phase, security was always up-close and personal. Security was all about survival. Small, nomadic groups of people had to protect themselves primarily from exposure and starvation. Even predators such as large...


There are plenty of interesting parallels here for today’s information security practitioners. The initial era of cyber security was ushered in by attention-seeking “hackers,” denial-of-service attacks and large-scale viruses. In response, security vendors developed products such as firewalls, intrusion detection/prevention systems and signature-based anti-virus. These have now become the static and reactive boundary-style measures of IT security. And they are no longer adequate.

There are two key trends driving the need for us to reevaluate our cyber security stance. The first is the growing sophistication of attacks that simply end-run these passive controls. The second is the cost-saving demand to move sensitive information out from behind static digital walls and into shared services such as cloud computing. The key to your future as an effective IT security practitioner will be your ability to identify and implement the appropriate mix of static and new, proactive tools to deal with the changes in the threat and vulnerability landscape.

If that’s too difficult, you could always try building a taller fence or a thicker wall.

 

John McCumber is a security and risk professional, and author of “Assessing and Managing Security Risk in IT Systems: A Structured Methodology,” from Auerbach Publications. If you have a comment or question for him, e-mail Cool_as_McCumber@cygnusb2b.com.