The Business of Security: How your Organization Is ...

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

50%

DavidW723,
User Rank: Apprentice
3/31/2017 | 4:48:50 AM

Socialising security

Back in the early days, IT was carried out by a bunch of mystical creatures hidden away in darkened basements who spoke in strange languages and only suffered the presence of end users as a last resort. Requirements were passed through a hole in the wall and the results lobbed back months or years later. This mystique helped to spead the myth of IT being something that only the select few could participate in.

In the intervening years that mystique has been largely blown away and now pretty much anyone can create very sophisticated systems without having to refer to the IT wizards.

I've long felt that many IS professionals act like the old IT mystics, with whispered references to VPNs, TLS, 2048 bit keys, SOCS, SIEMS and heaven knowns what else, all in an attempt to make it seem more difficult than it actually is.

In the same way as IT has been democratised and made avaialble to all, we need to move IS out of the central mystics and into the mainstream business areas. The data belong to the business, the risk should be owned by the business but for some reason we still seem to try to put blockers in the way of the business taking effective ownership of their security.

That won't remove the need for IS professionals any more than putting IT into the hands of the business removed the need for IT professionals, but it will have the dual advantages of spreading security across the business, and allowing the IS Professionals to focus on new, interesting, stuff and not get bogged down in another round of Security 101 briefings.

Reply | Post Message | Messages List | Start a Board

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

Cyber Threats, Cyber Vulnerabilities Dark Reading Event - Nov 17

Black Hat Europe 2021 - November 8-11 - Learn More

SecTor - Canada's IT Security Conference Oct 30-Nov 4 - Learn More

More Informa Tech Live Events

White Papers

The State of Cloud

Zero Trust and the Power of Isolation for Threat Prevention

Digital Transformation and Data Security

The Transition to Empowered Enterprise Authentication

Run and Transform

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

How Enterprises are Attacking the Cybersecurity Problem

Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2011-4126
PUBLISHED: 2021-10-27

Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.

CVE-2011-4574
PUBLISHED: 2021-10-27

PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instru...

CVE-2020-7867
PUBLISHED: 2021-10-27

An improper input validation vulnerability in Helpu solution could allow a local attacker to arbitrary file creation and execution without click file transfer menu. It is possible to file in arbitrary directory for user because the viewer program receive the file from agent with privilege of adminis...

CVE-2021-26610
PUBLISHED: 2021-10-27

The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code.

CVE-2021-32951
PUBLISHED: 2021-10-27

WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]