Building on the Security Smackdown blog entry posted earlier this week, here are the 15 topics I asked Mary Ann Davidson of Oracle, John Stewart of Cisco, and Charles Kolodgy of IDC to comment on:
Buy or Sell
- Virtualization is just this year’s buzzword and has no serious play in security.
- Using open source is a good way to introduce security vulnerabilities into your software.
- Our society’s fast-moving push to an always-on mobile world with 24x7 access to our financial and personal data via handheld devices makes us increasingly susceptible to identity fraud and theft.
- The “2007 Global State of Information Survey” by PWC reported that out of every IT dollar spent, 15 cents goes to security, which is up dramatically from years past. This means that enterprises’ overall data/info security posture is improving in line with this adjustment.
- Javelin research reports that most identity frauds are traced back to low-tech methods, not the Internet. Given all the attention that phishing attacks get in the press, they are over-rated as a major security threat.
Good Call / Bad Call
- Securing the perimeter is the most effective method of security if done correctly.
- The PCI Data Security Standard should be scrapped. It can’t effectively protect organizations and the system is fundamentally flawed.
- CSO Magazine recently wrote, “Awareness may be at an all-time high, but awareness doesn’t equal improvement …the sad fact is that the strides made to date have not crossed the threshold from seeing to fixing” when it comes to IT security problems and data protection.
- One self-proclaimed application security lunatic claims that if software were written properly, we wouldn’t need all the network and personal defenses that we now have such as IDS, IPS, anti-virus, and firewalls.
- CyberSource’s 2007 E-commerce Fraud Survey reported that fraud cost U.S. merchants nearly $4 billion last year, a 20 percent increase over 2006. According to the study, merchants are losing more money not because fraud is happening more often, but because keeping fraud at bay is becoming more expensive.
Inquiring Minds Want to Know
- What do you think will be the biggest IT security problem in the next 5 years?
- If you could only choose a single technology solution to protect your home computing environment, what would it be? Examples: firewall, anti-virus, move to Idaho where you can trust all the nice local folk, etc.?
- What is the worst (or most ridiculous/inappropriate) security analogy you have heard?
- Other than yourself, who is your favorite security guru/superstar… and why?
- What’s the most outrageous security cold call you ever got?