Just like with security threats of today, the problem of managing risks remains largely the same. The problem comes from identifying more cost-effective solutions to achieve the same target, and sometimes this means passing some of the burdens on to suppliers. Although risk management and security management are not the same, it is generally agreed that a multi-layered approach to system security is the best approach for both lowering risks and increasing system security. However, the problem that emerges from this is that the more complex the defences, the more expensive and complex they become to manage.
Surveys have repeatedly shown that one of the biggest challenges for employers is the lack of experienced and qualified staff to manage all those defences. Studies have shown that employing a manager in this area could significantly reduce cyber security related costs. In March 2011 the “Cost of Data Breach Study” found that US organizations which hired a chief information security officer with enterprise-wide responsibility for data protection lowered the cost of the data breach by an average of 35% per compromised record (Symantec, 2011). The study averaged cyber breaches at 5.5 million, so the investment in a trained and experienced member of staff to manage security is easily justified.
The problem surrounding the lack of experts in the industry is being tackled in the UK with funding from central government in order to help create the next generation of security specialists. This has started with the first eight universities being awarded the “Centre of Excellence in Cyber Security” status and the funding that it brings. There has also been a closer tie between government and industry in order to identify security weakness areas that we can develop together. This is something that I am proud to say that Titania is deeply involved in and have found very worthwhile.
Titania Labs released a variety of free tools. Which ones do you find security professionals using the most?
We provide a number of different free tools on our site, mostly with a security theme. They are typically used to help an auditor quickly identify useful information during an audit. SSLScan is probably the most popular of these tools. It queries SSL services, such as encrypted web services, and provides details of what cryptographic ciphers are supported by the service. It is useful for highlighting where weak cryptographic ciphers are used.
What are your flagship products and who are your clients?
Our flagship product is Nipper Studio, which produces a variety of expert-level reports on network infrastructure devices such as Firewalls, Switches and Routers. Nipper Studio has recently won a variety of awards, and gained glowing independent reviews. This is largely because it is easy to use and yet provides a detailed report similar to that custom written by an auditor. The level of assessment Nipper Studio provides is normally only achievable via costly external audits and is vastly greater than results that can be found by scanning-based solutions.