Improving information security with one simple question
by Brian Honan - Head of IRISSCERT - Monday, 17 December 2012.
Why are vendors pitching story after story about the above issues? Is there a genuine concern that we should be aware of, or is it simply a way for vendors to make companies more nervous about their security and therefore buy their products? Is all the talk and hype about cyber-warfare and cyber-weapons something that we all should worry about or is it a way for vendors and other interested parties to create a perceived need for governments and industry to provide funding in this area? By asking “why are these stories appearing in the first place?” we can better understand the issues that really affect us as professionals, as a community and also affect our organizations.

The question “why?” should not just be reserved for vendors, pundits and those in the information security industry - we should also look into our organizations and ask the same question of them. We need to better understand the business that our organizations are conducting so we can better protect them. By engaging with our business colleagues and asking them the question “why?” we can better understand the issues the business is trying to address. It can help us eliminate unnecessary distractions and allow us focus on delivering real value and benefits to the organization.

Let’s stop being distracted by the “who?”, the “what?”, the “where?” and the “when?”. Let’s focus instead on the “why?”. It is time to reignite the curiosity that drove the early pioneers of the security community and made “why?” a useful tool once again.

Brian Honan is an independent security consultant based in Dublin, Ireland, and is the founder and head of IRISSCERT, Ireland's first CERT. He is a Special Advisor to the Europol Cybercrime Centre, an adjunct lecturer on Information Security in University College Dublin, and he sits on the Technical Advisory Board for a number of innovative information security companies. He has addressed a number of major conferences, he wrote the book ISO 27001 in a Windows Environment and co-author of The Cloud Security Rules. He regularly contributes to a number of industry recognized publications and serves as the European Editor for the SANS Institute's weekly SANS NewsBites.


VPN protocol flaw allows attackers to discover users' true IP address

The team running the Perfect Privacy VPN service has discovered a serious vulnerability that affects all VPN providers that offer port forwarding, and which can be exploited to reveal the real IP address of users.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Nov 30th