
Why cybersecurity will suffer the same fate in 2015 as it did in 2014

Jeff Bardin | Jan. 22, 2015
2015 is nearly three weeks young and I am afraid we are going to see more of the same exposures as we did in 2014. Not much has changed in organizations. They are fundamentally following the same tactics and techniques to 'defend' against adversaries as they have for the past several years. There are 12 areas that continue to cause problems for the CISO and information security as a whole. Here they are:

11. We still see an extreme lack of maturity in the IT space for foundational elements. IT shops don't know what assets they have, how they are configured, who has access to them, or how and when they were last changed and by whom. Software is not written with closing holes in mind, nor is it written securely (I really hate this misnomer but have to use it for the sake of understanding). There is no such thing as secure code, only code that has been properly written, tested and validated to do what it says it is going to do, and only that, no matter the input. Monitoring is incident driven, and projects are not run with full-fledged project schedules including dependencies, slack, costing (and even a mention of earned value management).

12. And then there is #12: those who, by the time they have read to this point, are completely incensed at the above words, largely because they are part of the problem.

To cover the 12 areas without the narrative:

I have been in this game for nearly three decades. In almost every IT program encountered and every information security organization engaged, the problems remain the same. You can close your eyes and hear the same people making the same excuses and deflecting the same issues today as they have for 30 years. The CISO is held as the scapegoat. The CISO is shot for communicating the message. The process of communicating the message becomes the target for remediation. True causal analysis is not performed, only analysis to keep the finger pointed at the wrong individual or group. All while IT and the CIO skate away on the thin ice of the new day (thank you Jethro Tull).

 

