Tuesday, November 04, 2008

Common Sense IT Security and Lipstick on a Pig

Here are two articles, one from SC Magazine and the other from Tech Republic's IT Security blog, that have some common sense approaches to network security.

The blog post quotes an official in the UK who suggests distributing its government databases as a way to protect sensitive data. The official was responding to suggestions that the databases be centralized to avoid bureaucratic and other delays in using multiple databases.

The post's author, Tom Olzak, argues the issue is basic security, not whether the databases are distributed or not. If such simple security controls as least privilege and segregation of duties aren't enforced, nothing else matters. The database or databases won't be secure, in any case.

Calum Macleod, Cyber-Ark's Western Europe director, quoted in SC Magazine, said security at most companies today is like Barack Obama's comment about "lipstick on a pig." He listed a balanced approach to technical controls as an approach to meeting both compliance and security.

His approach was based on business and user needs, neither too tight to restrict business but not too weak, at the same time.


Anonymous Anonymous said...

Thank you for sharing useful information.Who agrees..Finally a common sense idea to help social security...simply raise the limit?We want you to come up with more blogs.

Hacker4lease-IT Security Service

2:37 AM  

Post a Comment

<< Home