Improving information security with one simple question
by Brian Honan - Head of IRISSCERT - Monday, 17 December 2012.
Why are vendors pitching story after story about the above issues? Is there a genuine concern that we should be aware of, or is it simply a way for vendors to make companies more nervous about their security and therefore buy their products? Is all the talk and hype about cyber-warfare and cyber-weapons something that we all should worry about or is it a way for vendors and other interested parties to create a perceived need for governments and industry to provide funding in this area? By asking “why are these stories appearing in the first place?” we can better understand the issues that really affect us as professionals, as a community and also affect our organizations.

The question “why?” should not just be reserved for vendors, pundits and those in the information security industry - we should also look into our organizations and ask the same question of them. We need to better understand the business that our organizations are conducting so we can better protect them. By engaging with our business colleagues and asking them the question “why?” we can better understand the issues the business is trying to address. It can help us eliminate unnecessary distractions and allow us to focus on delivering real value and benefits to the organization.

Let’s stop being distracted by the “who?”, the “what?”, the “where?” and the “when?”. Let’s focus instead on the “why?”. It is time to reignite the curiosity that drove the early pioneers of the security community and make “why?” a useful tool once again.



Brian Honan is an independent security consultant based in Dublin, Ireland, and is the founder and head of IRISSCERT, Ireland's first CERT. He is a Special Advisor to the Europol Cybercrime Centre, an adjunct lecturer on Information Security in University College Dublin, and he sits on the Technical Advisory Board for a number of innovative information security companies. He has addressed a number of major conferences, wrote the book ISO 27001 in a Windows Environment and co-authored The Cloud Security Rules. He regularly contributes to a number of industry-recognized publications and serves as the European Editor for the SANS Institute's weekly SANS NewsBites.

COPYRIGHT 1998-2014 BY HELP NET SECURITY.