Information security and risk analysis is complex stuff, with multiple dimensions of people, software, performance, management, technology, assets, threats, vulnerabilities and control relationships. This is why it’s hard to sell security to organizations. But information security is also a lot like fashion, with cyclical hype and theater: today – HIPAA, iOS and Android security; yesterday – Sarbanes-Oxley, federated identity management, data loss protection and application security firewalls.
Back in 2007, I thought we might see a return to the Age of Reason, where rational risk management replaces blind compliance checklists. I thought that this could happen for two reasons:
- Compliance projects can have good business value, if you focus on improving the product and its delivery.
- Security is like fashion – both are cyclical industries, and the wheel can also turn around in the right direction.
HIPAA compliance is a minimum requirement for product and process improvement, but not a sufficient one.
Healthcare companies and medical device vendors that do HIPAA compliance projects may be paying a steep price for HIPAA compliance without necessarily getting a return on their investment by improving the core features and functionality of their products and service offerings.
Compliance driving improvements in products and services is good for business, not just a mantra from McAfee.
It could happen, but then again, maybe not. Look at the trends. Taking a sample of articles published in 2011 on the eSecurityPlanet Web site we see that mobile devices and cloud services lead the list, followed by IT security with healthcare closing the top 15. I guess cost-effective compliance is a lot less interesting than Android security.
- iOS vs. Android Security: And the Winner Is?
- 5 iOS 5 Enterprise Security Considerations – You can’t keep Apple out of the enterprise anymore so it’s best to figure out the most secure way to embrace it, writes Dan Croft of Mission Critical Wireless.
- PlayBook Tops in Tablet Security – Recent price reductions may mean more Blackberry Playbook tablets entering your organization, but that may not be such a bad thing for IT security teams.
- Android Security Becoming an Issue – As the Android mobile platform gains market share, it also garners a lot of interest from cyber crooks as well as IT security vendors.
- Which Browser is the Most Secure? – The ‘most hostile’ one, say researchers at Accuvant Labs.
- How to Prevent Employees from Stealing Your Intellectual Property – It’s the employee with the sticky hands that is the easiest and cheapest to thwart.
- Security Spend Outpacing the Rest of IT – High profile breaches and mobile devices are driving IT security spending.
- Public Cloud Keys Too Easy to Find – If you put the keys to your cloud infrastructure in plain sight, don’t be surprised if you get hacked.
- Zeus (Still) Wants Your Wallet – The antivirus community has failed to figure out this able and persistent piece of malware. It’s as simple as that.
- Spear Phishing Quickly Coming of Age – Even the security giants are not immune from this sophisticated and growing form of attack, writes Jovi Bepinosa Umawing of GFI Software.
- Penetration Testing Shows Unlikely Vulnerabilities – Enterprises need to dig deeper than just automated scanning to find the really interesting and dangerous cyber security flaws.
- Bank Fraud Still Costing Plenty – Bank fraud is and will continue to be an expensive problem.
- Do IT Security Tools Really Make You Safer? – Yet another suite of tools for IT security folks to administer and manage can actually have the opposite effect.
- Siege Warfare in the Cyber Age – In one of the unlikeliest turns of events brought about by technology, it looks like Middle Ages’ siege warfare may be making a comeback, writes Gunter Ollmann of Damballa.
- Healthcare Breaches Getting Costlier – And it’s not just dollars and cents that are on the line – reputations are on the line, writes Geoff Webb of Credant Technologies.