Security's Everyman

Tuesday, August 15, 2006

Jumping the gun

We all do it. I did it with my second blog post. That was when I said that I was going to replace my home locksets with ones made by Abloy. I talked to my locksmith and he said that there were much better locks on the market that were cheaper, and since I do a lot of business with him at work he is getting them for me at cost. But that's not the point. The point is that I read something that worried me and I saw a couple of people's answer and assumed that was the correct one. I know better than that, but...

This holds true in the world of networking and security also. We see a threat and often jump the gun when it comes to deploying the best measure or fix. We either spend too much money and violate the cost/benefit principle, apply the wrong countermeasure or fix b/c we didn't truly understand the problem, or we do something that gives the impression that we are doing something when in reality we are just covering ourselves and trying to make ourselves look good.

Kind of like Homeland Security here in the US and their counterparts in the UK. After they foiled the plot to blow up airplanes they banned all of these substances and various items. Then they eased off on the restrictions after a few days. Don't think that I'm saying that they should either stick to their guns or not have been so rash. They did the right thing under the current circumstances. The problem is that they are being reactionary, or more likely they are doing what they think will make us feel better. Don't get me wrong, it's important for us to "feel better" when it comes to national security, but we need REAL safeguards in place, not just something to make us feel better for the moment. Real policies and procedures that will make a difference and make us safer are what we need.

We need to keep this in mind in regards to IT security also. We need to do all we can to ensure that REAL policies and procedures are in place to adequately protect what we have been entrusted with. As security professionals our job isn't to make ourselves look good or make our users feel better for the moment. We have to stay on top of our game to keep up with, if not ahead of, the bad guys.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.