8 Dirty Secrets Of The IT Security Industry



Bill Brenner at CSO Magazine is quoting IBM ISS Security Strategist Joshua Corman, who has been on a crusade with his 8 Dirty Secrets campaign. Here they are, and I'm quoting Dirty Secret #5, which rang oh so true:
 
Dirty Secret 1: Vendors don't need to be ahead of the threat, just the buyer
 
Dirty Secret 2: AV certification omissions
 
Dirty Secret 3: There is no perimeter
 
Dirty Secret 4: Risk management threatens vendors

Dirty Secret 5: There is more to risk than weak software
 
Corman said the lion's share of the security market is focused on software vulnerabilities. But software represents only one of the three ways to be compromised, the other two being weak configurations and people. Unfortunately, he said, the latter two are far more dangerous risks than the big bad software security flaw of the week.

"While we need to find and patch vulnerabilities, we also must understand an organization is only as strong as its weakest link. More attention needs to be paid in mitigating the other two ways beyond software," Corman said. And the best way to manage the people problem is new-school security awareness training.
 
Dirty Secret 6: Compliance threatens security

Dirty Secret 7: Vendor blind spots allowed for Storm

Dirty Secret 8: Security has grown well past "do it yourself"

Here is the whole article



