29 Jul 2009, Iain Thomson, V3
Increasing levels of regulation from governments and within companies are harming computer security, according to experts.
Chief security officers (CSOs) complained at the Black Hat USA 2009 conference that they spend too much time doing jobs relating to regulation, and that doing so is detrimental to security.
"The security industry is beholden to do things that are not effective due to audits and regulation," said John Stuart, CSO at Cisco.
"I stopped paying attention to intrusion detection system logs. I don't care how many times we get attacked. Now I spend time looking at traffic leaving the company to find what's infected. It took nine months to convince the auditors about this."
Stuart added that each task had to be measured on efficacy. If he is asked to do something that reduces his efficiency, he finds another "sucker group" within the company to do the job.
Bob West, founder of security intelligence firm Echelon One, agreed with Stuart. "I could spend a whole lot of time on compliance, but I wouldn't be spending it doing my security job," he said.
Companies need to analyse the compliance issues that need to be addressed and remove them from the CSO's job where possible. This frees up the CSO to get on with the job of protecting the company.
Do you agree?
As logs become more sensitive, attention decreases exponentially
John Stuart raises a very relevant point; as logs become more sensitive, the attention paid to them by busy security professionals decreases exponentially. Taking inspiration from the antivirus technology community, where the analysis of abnormal system behaviour is key to detecting new viruses, analysing traffic - or more specifically Network Behaviour Analysis (NBA) - is an approach to bolster the overall security measures and alerting systems in use within a given organisation.
The use of NBA, in conjunction with the consistent enforcement of a comprehensive Identity and Access Management (IAM) strategy, can help to limit the amount of time and resources required by John Stuart and his contemporaries to maintain a high level of security and access compliance in the operation of a network.
Posted by Stuart Hodkinson, UK General Manager, Courion, 30 Jul 2009