Bill Brenner at CSO Magazine is quoting IBM ISS Security Strategist Joshua Corman, who has been on a crusade with his 8 Dirty Secrets campaign. Here they are, and I'm quoting Dirty Secret #5, which rang oh so true:
Dirty Secret 1: Vendors don't need to be ahead of the threat, just the buyer
Dirty Secret 2: AV certification omissions
Dirty Secret 3: There is no perimeter
Dirty Secret 4: Risk management threatens vendors
Dirty Secret 5: There is more to risk than weak software
Corman said the lion's share of the security market is focused on software vulnerabilities. But software represents only one of the three ways to be compromised, the other two being weak configurations and people. Unfortunately, he said, the latter two are far more dangerous risks than the big bad software security flaw of the week.
"While we need to find and patch vulnerabilities, we also must understand an organization is only as strong as its weakest link. More attention needs to be paid in mitigating the other two ways beyond software," Corman said. And the best way to manage the people problem is new-school security awareness training.
Dirty Secret 6: Compliance threatens security
Dirty Secret 7: Vendor blind spots allowed for Storm
Dirty Secret 8: Security has grown well past "do it yourself"