I see a lot of arguments for against this type of approach and I would certainly not be so fixed as to say the solution is this simple. It is far too big of a topic to provide a simple "Yes I agree" or "no I don't" answer.
What is, in your opinion, the biggest challenge in protecting information at the enterprise level?
The biggest challenge in Information Security Risk Management is at the Enterprise Scale. Organizations are finding it difficult to get their hands around security when it has so many dimensions and possibilities. Medium and large companies have spent the past few years building an arsenal of tools and technologies to solve point-in-time-problems (one series of problem = one tool/solution). But now organizations have to consider so many vulnerabilities & exposures, so many tools & technologies, and so many regulations & standards, that such tunnel vision is no longer possible. Organizations are challenged to adopt information security risk management practices that span from the business requirements, to the governing regulations, to the technical details. And all this needs to be accomplished in the midst of shrinking budgets and increasing threats from the outside world.
What are your future plans? Any exciting new projects?
I am extremely excited about a new technology we have developed at RelSec. Over the past several years we have been working to develop RSAM (Relational Security Assessment Manager), which provides clients and consulting companies with an open and adaptable framework for assessing/managing risks and safeguards in a large-scale manner. The capabilities of this technology are tremendous, far beyond my expectations from the security world. I imagine this will be the standard security tool for assessment and risk management in the years to come, and I am excited to be involved with it from the start.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.