荔园在线
荔园之美,在春之萌芽,在夏之绽放,在秋之收获,在冬之沉淀
[回到开始]
[上一篇][下一篇]
发信人: Lg (创造人生的传奇), 信区: Linux
标 题: Best Practices in Network Security - 4
发信站: BBS 荔园晨风站 (Sun Mar 19 14:56:48 2000), 转信
Best Practices in Network Security
March 20, 2000
Reader Survey
Is Security the Next Big Thing?
When it comes to enterprise network security, our survey respondents seem to be
a very confident bunch. Are they just deluding themselves? By Greg Shipley
Corporate security is an extremely slippery topic. People love to talk about it,
but few seem to get their hands around it. Therefore, we shouldn't have been
surprised when we inquired about the state of information security and received
feedback from more than 500 organizations.
More than 80 percent of our respondents said they determine the need for,
evaluate and specify which security products to purchase--so we definitely
heard from those in the trenches. Nearly 90 percent have implemented firewalls
and virus-protection software, and more than 60 percent think their security
policies are both relevant and up-to-date. What's the No. 1 security-related
product people are looking to add in the next 12 months? More than 42 percent
cited intrusion-detection systems. Most claim they have the basics down and are
moving to more complex protective measures.
Finally, when we asked organizations about their overall attitude toward their
information security policies, only 15 percent responded that they wished they
still had their "blankies." This could be a good sign, as people are confident
in their security endeavors--or at least they no longer covet soft, inanimate
objects.
Organizations claim to be on top of their security policies, are spending money
on security and security products, and say this spending will increase over the
next few years. So we've got to ask, What's the problem? Why are corporations
worldwide continuously getting pummeled? Heck, if RSA Security can't keep its
Web site from getting hacked (see
www.attrition.org/mirror/attrition/2000/02/12/www.rsa.com/), how can the rest
of us be so confident? (OK, so RSA's DNS got hacked and people went to the
hacked site instead of the real one--but the result is the same.)
Although we can draw some interesting conclusions from our survey, our
observations have less to do with trends and more to do with a larger problem.
Companies are starting to take security seriously--a good thing--but
perceptions are still in dire need of adjustment. It's almost as if the
industry is in denial: "We've got our security down...or we think we do,
anyway." For example, we found it particularly curious that while more than 60
percent of all respondents think their security policies are up-to-date, only
23 percent of them review their policies at any reasonable level of
frequency--i.e., weekly or monthly. Another trend that doesn't quite match up
is the apparent desire to outsource. If confidence is so high, why are more
than 54 percent of the organizations outsourcing their firewall management, and
34 percent outsourcing their virus-protection efforts? Perhaps confidence is so
high because there is someone else to blame. On the staffing front, 63 percent
of the respondents claim they have no dedicated IT security staff. Either our
respondents employ some of the most security-conscious administrators around or
their strategies have some serious holes. It just doesn't add up.
So it appears that we can look forward to a definite interest in security, and
increased product sales. It appears that intrusion detection will be a hot item
this year. And it appears that many organizations are confident in their
approaches to information security. Yet as computer crime statistics skyrocket,
we are led to believe otherwise. Or maybe we're just too darn cynical. Maybe
the fact that organizations don't have full-time security staff just means they'
ve taken security to the next level and have integrated it into their business
processes. After all, who filled out this survey? Network Computing
readers--that's who. And we all know that group is already ahead of the pack.
For the complete results of our survey, see img.cmpnet.
com/nc/1105/graphics/f22.pdf.
Greg Shipley, a Chicago-based contributor, works for the Neohapsis network
security assessment team. Send your comments on this article to him at
gshipley@neohapsis.com.
--
☆ 来源:.BBS 荔园晨风站 bbs.szu.edu.cn.[FROM: bbs@210.39.3.97]
[回到开始]
[上一篇][下一篇]
荔园在线首页 友情链接:深圳大学 深大招生 荔园晨风BBS S-Term软件 网络书店