Proactive Security

How to build a security organization and select tools that can foil internal and external attacks.

Ask an IT executive whether he'd prefer a proactive security stance over a reactive one, and of course the answer would be yes. For one thing, it just sounds better. Plus, it's not much fun being reactive, because it means cleaning up messes like thousands of virus-infected PCs and explaining the nightmare to the boss.

So this special report is dedicated to the notion that it's better to be proactive -- a concept that seems obvious but is very new in the IT security field. You'll learn how to buy intrusion-prevention systems, build a proactive security organization and bake security into the application development process at the outset.

But no security organization can possibly be 100% proactive. "That would mean that you predict every possible threat and risk to your organization. The fact is that you will be surprised and caught off-guard from time to time," says Doug Landoll, CEO of IT security consultancy Veridyn. In other words, sometimes you'll have no choice but to be reactive, though ideally you will be able to quickly identify and respond to those crises, he says.

So what we're really saying is that it's time to blend some proactive techniques into your security mix, which is what forward-thinking companies like General Motors and AT&T are doing. "You just cannot sit back any longer and wait for your LAN to go down," says Ed Amoroso, chief information security officer at AT&T. "You need to be looking at things before they become a problem."

Mitch Betts is executive editor of Computerworld. He can be reached at

Special Report

Proactive Security

Stories in this report:


Copyright © 2005 IDG Communications, Inc.

Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon