HNS MAIN FEED
Saturday, 03:48 EST
- Zero-day vulnerabilities in Firefox extensions discovered
- Three charged with Comcast.net hijacking
- Cloud computing security benefits, risks and recommendations
- Poisoned Google search results
- World’s first wireless USB external hard drive
- A look at Securitybyte & OWASP AppSec Asia Conference 2009
- Biggest threats to federal systems and critical infrastructure
- Are 64-bit Windows inherently safer?
- NSA on cyber attacks and Microsoft collaboration
- New books: ModSecurity, Snow Leopard, social Web applications
- Vulnerability in IBM SolidDB memory caching software
- Two arrested for Zbot Trojan
Q&A: Security challenges in today's economy
by Mirko Zorz - Friday, 23 October 2009.
Dave Hansen is the Corporate Senior Vice President and General Manager, CA Security Management. In this interview, he discusses how the underground economy is impacting large organizations and tackles the good and bad sides of compliance.With threats evolving at a breakneck pace and the underground working on a seemingly endless budget, how is this situation impacting the work of a security manager in a large organization?
Security managers today have to be concerned about a lot more than external threats, such as a virus or denial of service attack, and internal threats from employees and partners. A few factors have evolved in recent years that have elevated the focus on security to the business level, not just an IT level.
As security technology continues to play a direct role in business compliance initiatives, security manager's need to look at their jobs more closely through a business lens versus just technology. They have to think about things like internal and external audits; they have to concern themselves with overall business risk and ensure they balance security with employee productivity.
Achieving that balance of the right level of security so that a business and its data are protected while still allowing enough flexibility for employees to do their jobs is more complex than it sounds. As individuals change roles in an organization, their access to data and applications often changes. Making sure the proper access is provisioned and deprovisioned in a timely manner is central to ensuring employee productivity and even more so in meeting compliance mandates.
This security and productivity balance becomes an even greater challenge when you consider employees or partners who are granted privileged access because of their position as an administrator. They often need to have access granted that is broader in order to do their jobs. However, this access introduces vulnerabilities that must be controlled.
The convergence of physical and logical security also is giving security managers something to think about. The intelligence that can be gained by linking physical security systems and logical security systems can help provide deeper transparency for security and compliance needs.
The challenges for today's security managers are much more complex than they were at the beginning of the decade and we're working with our customers to help them manage that security complexity and strike that balance of productivity and security.
1 | 2 | Next page >>
- Q&A: Wireshark
- Best practices for DNS security
- Spam evolution: September 2009
- Looking back at 2009 through SQL injection goggles
- Q&A: Web application security
