Our Broken Information Security Business

Wednesday, April 2, 2008 by Mistlee

Can't see any images? - !

Click to Play

WebProNews Bloopers
Unfortunately we, here at WebProNews, aren’t perfect. Video production takes time, and as you can see from the video, a lot of re-takes and patience. We have fun...

Top Security News

G-Archiver Pulls Their Software From Distribution
G-Archiver, the software that was previously caught by coding horror and blogged about here has pulled the version of the software that captures user credentials and e-mails them to Google. From the time it...

Enterprise CMS Fall Short On Security Demands
CMS Watch released research that finds Enterprise Content Management (ECM) products ill-equipped to meet the security requirements of Service Oriented Architectures (SOA). In its most recent research...

Flash Vulnerabilities Discovered By Google Researchers
The Register reports that Google Researchers have documented serious vulnerabilities in Adobe Flash content which leave tens of thousands of websites susceptible to attacks that steal the personal...

Hackers Bypassing Registration With PyCurl
Interesting hacking attack going on at a social networking site that I am working on today. Seems that the hacker is using PyCurl to bypass the registration page and dump user's right into the system.


Our Broken Information Security Business

By Dan Morrill

4.2 million accounts were exposed in a supermarket data hack.

This will probably go down as the biggest breach in this quarter, but unlikely to go down as the biggest data breach for 2008. What is interesting through is that the data breach actually occurred in December of 2007, and was not noticed or caught until the 27th of February. It was "contained" on the 10th of March.

This demonstrates just how broken information security as a profession is, the question is what can we do as stakeholders in our profession, to fix it.

PORTLAND, Maine - A security breach at an East Coast supermarket chain exposed more than 4 million card numbers and led to 1,800 cases of fraud, the Hannaford Bros. grocery chain announced Monday. Source: USA Today

The good part is that they have caught 1,800 people fraudulent transactions, but this in no way makes it easier for the people who have had their banking data exposed on the internet. Flowing data though went back through and looked at the top 10 security breaches since 2000, and was surprised to see that massive data breaches like this are happening more often as we move into 2008.

This is the wrong direction, and one of the reasons why we as security engineers and professionals are losing the war. The question is that with all the education, the uptake by senior management, certification, college degrees and other ways of proving competence in information security, why we are dealing with data breaches, hacking attacks, and other issues like this.

Finding A talent is not easy, but maybe as we horrifically lose the information security war for web 1.0, we are at fault. Flexible ethics may or may not be the answer. We have to find out why we as a profession have so miserably failed to do our duty to our companies.

Call Today For a Free Domain Consult

What part of our industry is broken, or is the whole thing broken? In light of data breaches that are exposing millions of accounts now, it is time to really find out why we are broken, and what steps we need to take to fix our broken industry. Frankly, we as an industry cannot keep on going in this direction, if we do keep on working in an environment of ever escalating security breaches; our value as "information security professionals" becomes meaningless.

Do we need better education? Better certifications? Do we need more meaningful education and certifications? Do we need to start a state or government run licensing program like they do for doctors and lawyers? What are your thoughts on what we need to do to fix our broken information security business?


About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.
About EnterpriseSecurityNews
Security news and updates for your enterprise

EnterpriseSecurityNews is brought to you by:

SecurityConfig.com NetworkingFiles.com
NetworkNewz.com WebProASP.com
DatabaseProNews.com SQLProNews.com
ITcertificationNews.com SysAdminNews.com
LinuxProNews.com WirelessProNews.com
CProgrammingTrends.com ITmanagementNews.com

-- EnterpriseSecurityNews is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2008 iEntry, Inc. All Rights Reserved Privacy Policy   Legal

archives | advertising info | news headlines | free newsletters | comments/feedback | submit article

Unsubscribe from EnterpriseSecurityNews.
To unsubscribe from EnterpriseSecurityNews or any other iEntry publication, simply send an email request to: support@ientry.com
Enterprise Security News News Archives About Us Feedback EnterpriseSecurityNews Home Page About Article Archive News Downloads WebProWorld Forums Jayde iEntry Advertise Contact