
Sep 15
While it's been a while since I last posted an article on maltainfosec.org, I must admit I've recently been in over my head with my studies. The good thing is that my degree is over and plans are in place to start a post-grad in law (LLM). Moreover, I was invited to give a presentation next October on Network Information Systems (NIS) and CERT from a local private perspective. More details of this to come later on.

Meanwhile, we are slowly making the transition to micro-blogging, sharing relevant infosec information through Twitter.

Going back to the original title of the article -- as you might imagine, different people have different perceptions of information security, which in turn exposes different attitudes towards the subject -- most of which are lax, unfortunately. Whilst large companies that invest in security do so because of compliance (primarily), their internal security departments use it as leverage to enforce controls -- however, the expense is never seen as an investment or insurance; rather, it's a thorn that they have to deal with and put up with -- and this is common even for smaller companies of around 50 people. On the local scene this stands to be very true, and it's a pity, as security often gets overlooked or, worse, sidetracked -- and we learn through failures to protect information, exposures and mistakes -- what I would call the 'hard way'.

Not only does this apply to the local scene, but also to large kick-ass innovative companies like Apple. To be fair, they have been responding a little faster over the past few months, especially with the release of 10.6.1 of Snow Leopard. Then again, they are also known to work on patches given there is enough demand. What comes to mind is an old Java flaw that took months to be updated by Apple.

The bottom line is companies fix stuff because they stand to lose money -- and the driver for any business (like we all know) IS money. So if it's in the interest of the company, the security attitude is immediately escalated and given priority -- other than that, given the times we live in where budgets and time are always tight, the less security pros interfere with life cycles, the better.

... In the interest of whoever has this sort of attitude, let's hope that it doesn't bite them back in the ass ;-)

"... Security is not about being killed by an alligator... Usually, it is about being eaten to death by a thousand chickens..."

Posted by Donald Tabone
