@jamieinmontreal You raise some excellent points about this issue of security. And I do certainly agree that the Security industry does not do itself any favors with the customary convoluted software which would tax the best admins among us.
It reminds me of troubleshooting a firewall about 10 years ago - the manual at the time was the size of a book you might see in Law school or Congress. It was a major challenge to sift through an interface that was even at that time confusing at best. I finally did get access through a port that was needed, but it was one of my most challenging projects up until that point. So I understand security is no easy job, but vendors can and should make things much easier for admins.
And you bring up another great point about the vastness of security layers. This certainly makes this issue even more difficult. Not to mention the regulations.
But I think what annoys me most is what Kelly mentioned earlier in the thread, if we can't depend on those in the the financial industry to take those steps that mere mortals fear to tread, what hope do we really have ?
Sony is a prime example of this - many believe that there is a separate group which took down their Playstation network. So not only have they been breeched, it is by two distinct groups ! What security hole are these companies overlooking ? I know security experts hate to think they don't have a solution, but in Sony's case - this appears to be true.
But in the case of Chase ? There is simply no excuse, ( not to imply there is one for Sony either) these companies have more than enough resources to get the best experts. This did not happen and why ? Because as you mention (and I also agree ) security is seen as an expense and it is clear companies have a conducted risk analysis on the amount of bad press and potential loss that a breech might cause.
I like your ideas for improvement - I hope the industry hears us because it is obvious that the practices that are in place - Just are not working.
User Rank: Strategist
3/9/2015 | 5:47:25 PM