Computerworld - Ask an IT executive whether he'd prefer a proactive security stance over a reactive one, and of course the answer would be yes. For one thing, it just sounds better. Plus, it's not much fun being reactive, because it means cleaning up messes like thousands of virus-infected PCs and explaining the nightmare to the boss.
So this special report is dedicated to the notion that it's better to be proactive -- a concept that seems obvious but is very new in the IT security field. You'll learn how to buy intrusion-prevention systems, build a proactive security organization and bake security into the application development process at the outset.
But no security organization can possibly be 100% proactive. "That would mean that you predict every possible threat and risk to your organization. The fact is that you will be surprised and caught off-guard from time to time," says Doug Landoll, CEO of IT security consultancy Veridyn. In other words, sometimes you'll have no choice but to be reactive, though ideally you will be able to quickly identify and respond to those crises, he says.
So what we're really saying is that it's time to blend some proactive techniques into your security mix, which is what forward-thinking companies like General Motors and AT&T are doing. "You just cannot sit back any longer and wait for your LAN to go down," says Ed Amoroso, chief information security officer at AT&T. "You need to be looking at things before they become a problem."
Mitch Betts is executive editor of Computerworld. He can be reached at mitch_betts@computerworld.com.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
