Premier 100 Panelist: Security a Drill in Risk Management

June 26, 2000 12:00 PM ET

Computerworld - Gregory Schaffer is a director in the digital risk management and forensics investigations practice at PricewaterhouseCoopers. At Computerworld's Premier 100 event last week in Palm Desert, Calif., he shared his thoughts on information technology security during a panel titled "Enterprise Security: Will Only the Paranoid Survive?" He later spoke with reporter Ann Harrison.



Q: Why do so many businesses have weak IT security systems?

A: Network security can be a horribly complex problem that is not easily solved by simply implementing some off-the-shelf system. It's not just a matter of installing a virus checker or intrusion detection software or a firewall; that is not enough.

Even the most straightforward solutions available need to be monitored and maintained and patched on a regular basis to be effective. Ultimately organizations need to look at their own risk management issues and decide what level of vulnerability they can afford. They often will prefer to spend money on something that drives sales and make security a secondary priority, but with the "I Love You" virus, the tables are starting to turn because the damage levels are starting to rise to the point where security concerns can no longer be taken lightly.



Q: Are many companies vulnerable because they fail to patch known holes?

A: Staying abreast of security vulnerabilities and applying appropriate countermeasures is increasingly difficult as systems become more complex and as merger activities require the combinations of systems that were never intended to be linked to one another. New technologies are implemented almost in real time as they become available, and it takes time for security issues to bubble up to the surface and be really addressed. While it's hard for full-time security professionals to keep up with everything, it's really hard for someone who is tasked with maintaining a network and tasked with doing the security piece at the same time.

Q: Should companies seriously consider outsourcing their security management?

A: There are definitely advantages to having people who are security professionals handle security. It is a complicated task, and so it is easier for a security professional that can make these issues the focus of his or her business. It behooves them to be up-to-date and follow the latest trends, not as a distraction from, say, a sales goal, but as a core focus.

Q: Some companies are moving their security divisions to auditing departments. Is this a good idea?

A: In some instances, it is a matter of clout and a way to give security folks greater influence over


