Tuesday, September 20, 2005
Don't trust security to techies alone, Gartner says
Gartner has commented putting IT Professional solely for the security task is just not enough. IT Professional to them is too technical to understand the business needs and directions.
Well in my opinion, they might just be right about been able to cut cost (the usual) by having a faster ROI. Spending less and getting better with stategies.
What they have done is separated security and people which is more or less incorrect. Security do not consists only of Hardwares, people is part of security as well. We have our Security Password, Security IDs and Emails.
Placing firewall at the bottom of the priority list will definitely get them into trouble, if you can't secure your perimeter the battle is as good as lost. Make it worst and get somebody just graduate from colleage to set up the firewall.
Instead, I would suggest not getting business-focused managers (who know nuts about security would usually suggest cost cutting to save their placement) but rather train or bring these technies to the business table and educate.
By shutting them off and getting them listen to you is actually very simple. We call it the blind leading the blind. Thus in order for that to work, let the technie talk first and the management to open up their ears listen (which they usually don't) and digest (I know its little bit difficult).
The management part would then be to explain (not command) the situation or their point of views. Getting both parties understand the scenario would help to reach a compromise solutions.
Having done that the Security professionals will be able to understand the company direction there by bringing the company there.
Source : http://news.com.com/Dont+trust+security+to+techies+alone%2C+Gartner+says/2100-7350_3-5868906.html?tag=cd.top
Well in my opinion, they might just be right about been able to cut cost (the usual) by having a faster ROI. Spending less and getting better with stategies.
What they have done is separated security and people which is more or less incorrect. Security do not consists only of Hardwares, people is part of security as well. We have our Security Password, Security IDs and Emails.
Placing firewall at the bottom of the priority list will definitely get them into trouble, if you can't secure your perimeter the battle is as good as lost. Make it worst and get somebody just graduate from colleage to set up the firewall.
Instead, I would suggest not getting business-focused managers (who know nuts about security would usually suggest cost cutting to save their placement) but rather train or bring these technies to the business table and educate.
By shutting them off and getting them listen to you is actually very simple. We call it the blind leading the blind. Thus in order for that to work, let the technie talk first and the management to open up their ears listen (which they usually don't) and digest (I know its little bit difficult).
The management part would then be to explain (not command) the situation or their point of views. Getting both parties understand the scenario would help to reach a compromise solutions.
Having done that the Security professionals will be able to understand the company direction there by bringing the company there.
Source : http://news.com.com/Dont+trust+security+to+techies+alone%2C+Gartner+says/2100-7350_3-5868906.html?tag=cd.top
# posted by David Low @ 12:16 PM 
