-
Discussion Boards
- Welcome to the Community
- 1 categories, 6 boards
- Desktops and Workstations
- 1 categories, 12 boards
- Mobile
- 7 boards
- Networking
- 6 categories, 20 boards
- Operating Systems
- 7 categories, 76 boards
- Printing and Digital Imaging
- 1 categories, 17 boards
- Partner Solutions
- 2 categories, 5 boards
- HP ExpertONE
- 4 boards
- Solutions
- 1 boards
-
BlogsEnglish
- Community Home
- >
- Software
- >
- Enterprise Security
- >
- Following the White Rabbit - Security & Risk through a new looking glass
- >
- 3 Words to Describe Enterprise Security
- Subscribe to RSS Feed
- Mark as New
- Bookmark
- Subscribe
- Email to a Friend
- Printer Friendly Page
- Report Inappropriate Content
3 Words to Describe Enterprise Security
We Information Security professionals are a cynical bunch.
I asked on Twitter for some of you to reply to me, answering the following question:
"Describe Enterprise Security" in 3 words, add the #EntSec hashtag to it.
And you probably wouldn't be surprised what sorts of things people replied with.
The List
Here's a list of some of the most interesting answers:
- "lack of funds"
- tactical, overwhelmed, undefined"
- "frozen in 2003"
- evolving, broken, compliance
- misunderstood, under-appreciated, compromised
- appliances, applications, misguided
- "cover executive a**es"
- governance, visibility, structure
- collaboration, prioritization, strategy
- triaging, fighting, futility
- prevent, detect, learn
- detect, prosecute, repeat
- "perception trumps truth"
- unmeasured, unfocused, unwilling
- "immature data science"
- "responsibility without authority"
The whole list (which is still growing) can be found here: https://docs.google.com/spreadsheet/ccc?key=0AuxqU
If you wish to contribute, just reply to me (@Wh1t3Rabbit) on Twitter, with the hashtag #EntSec ...
Analysis
I don't think it takes a rocket scientist to analyze what is going on here.
We're cynical. We're sick of vendors selling our management on solutions that don't actually solve anything, and tend to continue to cram our network closets and data centers with devices we can't hope to manage. In fact, many security professionals and information security management alike are getting fed up with vendors who don't take the time to understand the issues they're facing - and simply to to sell, sell, sell ... If you want evidence take a listen to Episode 4 of "Down the Rabbithole" ...I have 2 guests who are security managers at very small companies, listen to their advice to their vendors ( link here )
There is another side to the coin, and I think this means opportunity. For every negative there is a chance to fix it, and I firmly believe that not all vendors are created equal. I think plenty of us vendors listen to our customers, and attempt to provide actual solutions once we've taken the time to identify a problem.
Let me propose a step forward, then. Vendors - let's make sure we understand our customers. Consumers - please take the time to articulate what struggles you have, what makes work-life difficult, and the true nature of your security problems. I think too often consumers of security products and services are so careful not to disclose anything, that they don't give the vendor a chance to understand them better. Yes, this means I'm blaming both sides, almost equally.
Let's raise awareness together, and start solving some actual problems. It's crystal-clear we can be cynical ...but can we actually make some lemonade here?
-
-
Follow Us on Facebook
-
Follow Us on Twitter
-
Follow Us on LinkedIn
-
Follow Us on Flickr
-
Follow Us on Youtube
-
Follow Us on SlideShare
-
Follow Us on Google+
- The [Hidden] Cost of Software Security Fixes in En...
- HP ShadowLabs deepens the talent pool
- Melville's "Bartleby the Scrivener" and what it te...
- Let's talk business agility (Survey analysis)
- Root Cause Analysis (RCA) - a critical skill
-
Logging: Opening Pandora's Box - Part 4 (Awareness
... -
Logging: Opening Pandora's Box - Part 3 (Paralysis
... - Why does software security keep falling off your b...
- Keeping Security Relevant - From Control to Govern...
- Logging: Opening Pandora's Box - Part 2 (Elation)
- John Kozlowski(anon) on: Let's talk business agility (Survey analysis)
- todd mahnom(anon) on: Root Cause Analysis (RCA) - a critical skill
- DeeLima2(anon) on: Why does software security keep falling off your b...
- Olivier Saudan(anon) on: Keeping Security Relevant - From Control to Govern...
- Clerkendweller on: Logging: Opening Pandora's Box - Part 2 (Elation)
- reswob10(anon) on: Logging: Opening Pandora's Box - Part 1 (Anxiety)
-
Neira Jones(anon)
on:
NoOps and the Evolving Role of Informatio
n Securit... -
cpfoutz(anon)
on:
Missing Opportunit
ies - Making things worse by ask... - Sidragon(anon) on: Cyber Weapons - Bits instead of bullets but damage...
- Phil Cox(anon) on: Patch Management in the Cloud - It's About Consist...
-
0day
(2) -
2009 prediction
(1) -
30_in_30
(30) -
academia
(1) -
academic hack
(1) -
administrivia
(1) -
adware
(1) -
Agile
(1) -
Agility
(1) -
AJAX
(1) -
AJAX security
(1) -
alerting
(1) -
ALM
(1) -
announcement
(2) -
announcements
(2) -
anonymity
(1) -
application development
(3) -
application security
(12) -
application security case study
(1) -
application security program
(1) -
application security program challenges
(3) -
application security testing
(2) -
application security workshop
(1) -
assessments
(1) -
attribution
(1) -
audience
(1) -
authentication
(1) -
automated testing
(2) -
automated tools
(1) -
automation
(3) -
Black Hat SEO
(1) -
black-box testing
(1) -
blackbox
(1) -
blacklist
(1) -
breach
(3) -
breach impact
(2) -
browser
(1) -
browser database
(1) -
bsides
(1) -
budget
(3) -
business case
(1) -
business intelligence
(1) -
business logic defect
(2) -
business value
(1) -
businessweek attack
(1) -
businessweek hack
(1) -
byod
(1) -
change control
(1) -
change management
(1) -
CIO
(1) -
CISO
(5) -
Cloud
(4) -
cloud computing
(20) -
cloud security
(11) -
cloudpocalypse
(1) -
ColdFusion
(1) -
Commentary
(1) -
complexity
(1) -
compliance
(6) -
compromise
(4) -
Computer Security Institute
(1) -
conference
(2) -
conferences
(7) -
Converged Cloud
(1) -
crisis management
(1) -
critical infrastructure
(1) -
Cross-Site Scripting
(2) -
CSI Conference
(1) -
cyber security
(2) -
cyber war
(1) -
cybercrime
(1) -
data breach
(15) -
data breach notification
(1) -
data compromise
(1) -
data loss prevention
(8) -
data sanitization
(1) -
data-flow analysis
(1) -
defects
(2) -
defense
(1) -
defense in depth
(1) -
development
(4) -
development psychology
(1) -
DevOps
(2) -
dynamic analysis
(4) -
educating developers
(2) -
education
(1) -
EFD
(1) -
ehealth
(2) -
encryption
(2) -
enterprise application security
(1) -
Enterprise security
(49) -
Enterprise Security Intelligence
(2) -
enterprise security management
(1) -
enterprise security services
(1) -
enterprise web application security program
(2) -
ethics
(1) -
evolution
(1) -
Execution Flow Based Testing
(1) -
Failed
(1) -
failure
(1) -
federated identity management
(1) -
file upload
(1) -
firesheep
(1) -
functional specification
(2) -
future of web application security
(1) -
guest blog
(2) -
hack
(2) -
hacked
(3) -
hacking
(15) -
hacking demonstration
(3) -
hacking file upload hacking
(1) -
hacking incident
(2) -
hacking web application logic
(1) -
hacking workshop
(1) -
Hacktivism
(6) -
haktivism
(1) -
healthcare
(2) -
HITECH
(1) -
holistic security
(1) -
HTML 5
(1) -
HTML5
(1) -
HttpOnly
(1) -
https
(2) -
Hybrid Analysis
(1) -
hybrid delivery
(1) -
ICANN
(1) -
identity theft
(1) -
IE
(1) -
iis security
(1) -
incident
(5) -
incident handling
(1) -
incident response
(9) -
incidents
(1) -
industry commentary
(1) -
Information Management
(1) -
information security
(16) -
InfoSec World 2009
(2) -
Innovation
(1) -
input validation
(2) -
Instant-ON Enterprise
(2) -
interview
(1) -
IPv6
(1) -
ISSA
(1) -
IT Performance
(4) -
KPI
(3) -
KPIs
(5) -
legacy applications
(2) -
liabiilty
(1) -
live hacking workshop
(1) -
live web application hacking
(1) -
logging
(4) -
logic defects
(1) -
logic flaws
(1) -
Malware
(1) -
malware distribution
(1) -
marketing
(1) -
Metrics
(4) -
misconceptions
(1) -
mobile application security
(2) -
Mobile Applications
(2) -
mobile security
(2) -
mobility
(1) -
movie theater hacked
(1) -
Mozilla Bug 178993
(1) -
NetOps
(1) -
News
(2) -
noops
(1) -
online shopping
(1) -
ooda
(3) -
ooda loop
(2) -
OOPS
(30) -
open source
(2) -
open-source software security
(1) -
Operations Manager
(1) -
OSS security
(1) -
OWASP
(6) -
Password Security
(2) -
patch management
(1) -
patchwork cloud
(7) -
PCI Compliance
(2) -
PCI DSS
(3) -
penetration testing
(1) -
perform better
(2) -
phishing
(2) -
phpBB
(1) -
phpMyAdmin
(1) -
planted bug
(1) -
plug-in
(2) -
poccast
(1) -
podcast
(3) -
politics
(2) -
ponemon
(1) -
president hacked
(1) -
privilege
(1) -
process improvement
(1) -
program failures
(1) -
program maturity
(1) -
program secrets
(1) -
provisioning
(1) -
psychology
(2) -
QA
(7) -
quality
(4) -
Quality Management
(1) -
Quality testing
(1) -
reality check
(1) -
requirements management
(1) -
Research
(1) -
Rich Internet Applications
(1) -
risk analysis
(1) -
risk management
(8) -
risk mitigation
(1) -
risk rating
(1) -
ROI
(1) -
SaaS
(3) -
sandbox
(1) -
sandboxing
(1) -
SCADA
(1) -
school hack
(1) -
scurity vulnerabilities
(1) -
SDL
(1) -
SDLC
(3) -
Search Engine Optimization
(1) -
SecBiz
(10) -
SecOps
(1) -
secure code development
(1) -
security
(6) -
security architecture
(2) -
security automation
(3) -
security awareness
(2) -
security budget
(1) -
security conference
(3) -
Security Conferences
(5) -
security defects
(1) -
security fail
(21) -
security intelligence
(2) -
security operations
(1) -
security program
(8) -
security relationship
(1) -
security requirements
(1) -
security testing
(7) -
security tools
(1) -
security vulnerability
(1) -
securitycurity program
(2) -
Securityity Bloggers Awards
(1) -
service management
(1) -
services
(1) -
SIRM
(1) -
slides
(1) -
social engineering
(1) -
social media
(1) -
software defects
(1) -
software design
(1) -
software development
(1) -
software quality
(7) -
software security
(7) -
software security assurance
(34) -
sofware security assurance
(2) -
speaking
(2) -
SQL Injection
(3) -
sql injection attack
(1) -
ssa
(12) -
standards
(1) -
StarWest
(1) -
static analysis
(1) -
static code analysis
(2) -
strong authentication
(1) -
student hacker
(1) -
study
(2) -
talk
(3) -
talks
(2) -
technology
(1) -
technology strategy
(1) -
terminology
(1) -
testing
(4) -
testing methodology
(1) -
threat analysis
(1) -
threat assessment
(1) -
threat intelligence
(2) -
threat modeling
(1) -
TLS
(1) -
tools
(2) -
Top x
(1) -
trade shows
(1) -
transparency
(1) -
trends
(1) -
trust
(2) -
Twitter
(1) -
uncommon sense
(1) -
user-agent
(1) -
voting system
(1) -
vulnerabilities
(2) -
Vulnerability
(1) -
vulnerability context
(1) -
WDPRS
(1) -
Web 2.0
(4) -
web application
(2) -
Web application firewall
(1) -
web application hack
(1) -
web application hacking
(1) -
web application hacking live
(1) -
web application security
(23) -
web application security awareness
(3) -
web application security business case
(2) -
web application security case study
(1) -
web application security program
(4) -
web application security workshop
(1) -
web application vulnerability
(2) -
web applications
(4) -
web hack
(2) -
web server error
(1) -
web.config
(1) -
Webinar
(1) -
WebKit bug 10957
(1) -
webmail
(1) -
whitebox
(2) -
whitelist
(1) -
workflow vulnerability
(1)
- « Previous
- Next »
