Although most of these efforts may be obviously ill-fated in hindsight, they have each contributed to the robust suite of solutions needed to implement effective and efficient information security programs. The “secure” computer brought us much-needed security functionality in operating systems such as role-based access controls and device management. The “secure” enclave brought about the integration of firewalls, intrusion detection systems and incident monitoring. Lastly, legislative mandates have demanded the recognition of the value we need to place on sensitive information — especially that being held on private citizens.
The evolution of security is clear: there is no silver bullet. Comprehensive security programs require an appropriate mix of technology, procedures and, most importantly, human factors. Security is a journey, not a destination.
John McCumber is a security and risk professional, and is the author of “Assessing and Managing Security Risk in IT Systems: A Structured Methodology,” from Auerbach Publications. If you have a comment or question for him, please e-mail John at: Cool_as_McCumber@cygnusb2b.com.