Friday, January 13, 2012

CPE: McAfee AudioParasitic: Episode 4: Are we solving the problem in the Security Industry? Part 1/2

length: 00:19:27

discussion with Stuart McClure

Stuart was family for a while…
Started in the late 80s – until the early 90s – blossomed into a significant consultant – E&Y, IDG, first security column at InfoWorld…
Wrote the Hacking Exposed series…
Founded Foundstone – we need to automate a lot of our knowledge, process, priorities… put it into training, technology – the process of assessing your risk.
Where are the biggest risks? With the least amount of effort to successfully remediate the problem & repair…

Foundstone was acquired by McAfee…

Are we solving the problem in the Security Industry?
Or are we in maintenance mode / catch-up mode – because the bad guys are always one step ahead?
Are we shoveling sand against the tide?

Security is a process – it is not a finish line.
The earlier people get that, the easier it will be.
There is a big problem, because people want a quick fix, but there is no quick fix.

If you understand security, you can really kill the 80-20 rule:
80% of the ways hackers penetrate can be remediated by 20% of the effort.

Are we fixing the problem?
Yes, we are, but there is no quick fix – manage security day to day – since zero-day…

Software really consists of 3 components:
1. Input
2. Process
3. Output

Hacker: focuses only on input – expecting the process to provide a different output…

