Jabablog » Vulnerabilities http://blog.jabawoki.com Nothing to see here, Move along... Fri, 05 Mar 2010 13:17:04 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 2006-2010 jay@jabawoki.com (Jabawoki) jay@jabawoki.com (Jabawoki) music 1440 House,electro,hard,mix,dj,hardcore,hardstyle,trance, progressive, house, music, hardcore, handbag, happy, tech, deep, security, infosec, itsec, jay, abbott, jay abbott, jabawoki Jabawoki Presents: House Music Mixes, everything from electro to hard, from 2000 onwards, courtesy of Jabawoki. Jabawoki Jabawoki jay@jabawoki.com No no http://blog.jabawoki.com/wp-content/plugins/podpress/images/SubSide-small.jpg Jabablog http://blog.jabawoki.com 144 144 The Asymmetry of Security http://blog.jabawoki.com/2008/11/26/the-asymmetry-of-security/ http://blog.jabawoki.com/2008/11/26/the-asymmetry-of-security/#comments Wed, 26 Nov 2008 19:24:14 +0000 Jabs http://blog.jabawoki.com/?p=1692 Personally, I think this is one of the most important concepts of today. Its simple enough to grasp and illustrates the point very well.

Consider these examples:

  1. From an effort perspective, the effort required to secure a system is significantly less than that required to exploit it.
  2. From a cost perspective, it is less expensive to prevent a serious data breach than it is to clean up and recover from one.

Point 1 above was illustrated very clearly to me on the IISP’s TopGun event I attended recently, and is a scenario that you have to step back from to fully appreciate. Eg. If you have a smallish network, with most modern services such as web, email, mobile, databases, websites etc, then the effort to secure that is quite mammoth. You have to consider the perimeter, the information, how its stored and used, what services are on offer and the impacts etc. Then you have to consider every conceivable vulnerability, patching strategies and stay on top and at least up to speed with the curve of change. All of these efforts equate to a team of people, but all it takes to break in, is 1 person with a brain, motive, and a few freely available tools.

Point 2 of course, was illustrated very well by a study by the Pnemon Instutue LLC in conjunction with PGP and Vontu (Symantec), this study evaluated the true cost of a breach of data security and considered factors such as direct and indirect costs, and has trended the data over the last few years with enlightening results.

Despite both of these points clearly illustrating that the best way to tackle the security conundrum is head on and proactively, those of us in the industry will all surely testify that getting the right backing, funding, and often, even the right audience with the business, is still a hard task. From my perspective, I will keep on trying, and keep on flying the flag in the hope that one day reality sets in and my job / life gets easier!

Unlike
Digg This  Reddit This  Stumble Now!  Buzz This  Vote on DZone  Share on Facebook  Bookmark this on Delicious  Kick It on DotNetKicks.com  Shout it  Share on LinkedIn  Bookmark this on Technorati  Post on Twitter  Google Buzz (aka. Google Reader)  
Tags: , , ,

Related posts

]]> http://blog.jabawoki.com/2008/11/26/the-asymmetry-of-security/feed/ 0