CPE: McAfee AudioParasitic: Episode 4: Are we solving the problem in the Security Industry? Part 1/2
length: 00:19:27
discussion with Stuart McClure
Stuart was family for a while…
Started in the late 80s – until the early 90s – blossomed into a significant
consultant – E&Y, IDG, first security column at InfoWorld…
Wrote the Hacking Exposed series…
Founded Foundstone – we need to automate a lot of our
knowledge, process, priorities… put it into training, technology – the process of
assessing your risk.
Where are the biggest risks? With the least amount of
effort to successfully remediate the problem & repair…
Foundstone was acquired by McAfee…
Are we solving the problem in the Security Industry?
Or are we in maintenance mode / catch-up mode –
because the bad guys are always one step ahead?
Are we shoveling sand against the tide?
Security is a process – it is not a finish line.
The earlier people get that, the easier it will be.
There is a big problem, because people want a quick fix, but
there is no quick fix.
If you understand security you can really kill the 80-20
rule:
80% of the ways hackers penetrate can be remediated by 20%
of the effort.
Are we fixing the problem?
Yes, we are, but there is no quick fix – manage security
day to day – since zero-day…
Software really consists of 3 components:
1. Input
2. Process
3. Output
Hacker: focuses only on input – expecting the process to
provide a different output…