Tuesday 24 April 2007, 11:23 AM
A poke in the eye for security vendors
Good security hardware and software are not the top priority for securing a corporate network, according to a leading security consultant presenting at the InfoSecurity Europe show in London's Olympia today.
Much more important is getting management to support IT security policy - and for users to follow it. This is according to Yves Le Roux, one of the leading figures behind ISC(2), the organisation which offers training to security professionals. Le Roux, for the record, is also a technology strategist at Computer Associates in his day job.
That's pretty much a poke in the eye for those selling security products, but what Le Roux says makes some sense. How vulnerable human weaknesses can make a corporate network is often underestimated.
In his presentation this morning, Le Roux also said that organisations must not have security generalists: security is now so broad that individuals must specialise in a particular technology - be that encryption, network design or compliance - to be effective.
In terms of training needs, security professionals are demanding training in information security risk management, business continuity and forensics, ISC(2)'s research found.
And a new young breed of security professionals is entering the profession. Le Roux said there were now an increasing number of security professionals earning the lower band of salaries, and also that the average age of security professionals was falling.


