Cool as McCumber

On being proactive

There are plenty of interesting parallels here for today’s information security practitioners. The initial era of cyber security was ushered in by attention-seeking “hackers,” denial of service attacks and large-scale viruses. In response, security vendors developed products such as firewalls, intrusion detection/prevention systems and signature-based antivirus. These have now become the static and reactive boundary-style measures of IT security. And they are no longer adequate.

There are two key trends driving the need for us to reevaluate our cyber security stance. The first is the growing sophistication of attacks that simply end-run these passive controls. The second is the cost-saving demands of moving sensitive information out from behind static digital walls, and into shared services such as cloud computing. The key to your future as an effective IT security practitioner will be your ability to identify and implement the appropriate mix of static and new, proactive tools to effectively deal with the changes in the threat and vulnerability landscape.

If that is too difficult, you could always try building a taller fence or a thicker wall.

John McCumber is a security and risk professional, and author of “Assessing and Managing Security Risk in IT Systems: A Structured Methodology,” from Auerbach Publications. If you have a comment or question for him, e-mail