|  |
IT Security Becoming a Strategic Imperative
CRA Reports has issued a white paper titled "Toward the Stategic Security Imperative" explaining a new approach to information technology security. With recent high profile breaches of corporate and government computer systems, concern for computer security is no longer limited to network engineers and geeks. Mainstream media have picked up the story, and revelations of major security lapses have attracted keen attention from state and federal governments. Corporations risk enormous damage to reputation and goodwill when they lose control of confidential, personal information. In the past, hackers were primarily motivated by bravado and ego. Today’s intruder has a more troubling motive: the desire to profit from mass identity theft.
According to the report, many executives still do not understand how to secure and protect mission critical information. The challenges organizations face in reducing their risk stem from a limited, tactical understanding of risk and vulnerability assessment, perimeter security, threat remediation, anti-spyware, patch management and other critical security activities. When organizations treat these activities as separate issues, they fail to understand their overall risk posture, inhibiting their ability to respond appropriately and cost-effectively to threats.
"One of the greatest threats to enterprises today is that many, too many, organizations still consider security the lock they put on the door after the house gets built," said Sean Moshir, CEO of PatchLink Corporation, sponsor of the report. The result is a tactical approach to security that is fragmented, manual or minimally automated, disjointed, and blind.
A tactical approach is also costly. According to recent research from Yankee Group, it can cost as much as $1 million to manually deploy a single patch in a 1,000-node network environment. The firm has documented an instance in which an organization spent $2 million to rush a patch in a telecommunications network that had 500,000 nodes. “What contributes to these costs? It is the manual labor, the fixing of problems, the downtime for businesses while the patches are being deployed,” explained Phebe Waterfield, Senior Analyst, Security Practice, Yankee Group.
The complete white paper is available to the public, free of charge, at http://www.cooperresearchassociates.com/towardstrategicsecurity.html ("get white paper"). 30.03.2005, CRA Reports
Subscribe to the newsletter | | |
| | | |
