IT Security - Oversold?

Re: POP 3 & SMTP Servers & Email Filtering

Clubman

I have to smile at your anecdote. One of my main areas of work is consulting in IT security and I see your scenario and similar over and over again. As in any area of IT there are complex issues to consider and speciliast skills required, i.e. I can write an app for my own use but know that I am better leaving it to other qualified professionals for my customers . However often IT security is designed, implemented and managed by someone who does not fully understand what they are doing but everyone claims to be an expert in the field, or theycan find a solution to their problem on the Internet.

In my humble opinion the problem is that IT Security is treated as a security problem and not a business problem. Therefore the solution is left to lie within IT and not within the business where it is. Yes IT can find technical solutions but the business needs to first identify what its risk goals are and what their risk appetite is and then get IT involved, together with HR and legal

C

Re: POP 3 & SMTP Servers & Email Filtering

In my humble opinion the problem is that IT Security is treated as a security problem and not a business problem.

Click to expand...

Or worse still, it is treated as a technical problem, not a people problem.

Re: POP 3 & SMTP Servers & Email Filtering

Indeed!

Re: POP 3 & SMTP Servers & Email Filtering

Capaill,

Did,nt mean to slag off IT Network/Security people, as I am in that group !!!


I agree that businesses should have overall look at security, I just commented on cheap SPAM solution, that I now for certain works.

Clubman is correct, There are IT Security consultants
(cowboys) out there that are not giving value for money, and , in turn undermining its credibility.

Re: POP 3 & SMTP Servers & Email Filtering

Hi Crumdub12

No problems

When you hang around AAM long enough your learn not to take things personally<g>

C

Saw a thought-provoking article on this theme on Silicon Republic (the online newsletter) and thought it might be worth linking here:
[broken link removed]

Hype, by it's nature, involves overblowing your subject - whether that be IT security threats to your business/home, the favourite's chances in the Gold Cup or even your national team's hopes for a second Triple Crown in three years! (wahay!)

Problem is, it can get in the way of an important message.

As a home-user, I want to communicate using the internet and access information on the web - that means I have to protect my home setup from viruses, spyware and all manner of other hacks - just as much as I need to use a house alarm, locks on the doors, etc. to deter burglars. Okay, so not everybody without an alarm or who forgets to lock the back door gets robbed - but they're asking for it and I think it's fair to say that their inaction makes getting burgled more of a probability than a possibility.

The world is full of opportunists and they come in all flavours of techie capability. I am happy to take steps to try to keep them out because I don't want to be burgled or hacked even once! That feeling of "closing the stable door" after an IT security incident is just as nasty trying to recover from a physical break-in - it leaves you feeling vulnerable and violated and resolving not to get caught out ever again!

I am fortunate that my employer allows me to use the internet/web from my desktop - but that brings responsibilities with it too and so I want to be sure that I have taken whatever steps I need to take to prevent a security incident. As a professional, I don't want to threaten my good name or that of my company by exposing us to that kind of thing.

So, taking responsibility for managing IT security risks is EVERYBODY's business - but some people are better equipped to help you evaluate where the threats may lie - so you defer to them. It's the same as taking out insurance - you don't want to bear all the risk so you have to trust other experts in the field to help you mitigate the risk as much as you can. Of course, you should still try to satisfy yourself that you're getting the best tools and advice for your money.

I think some key messages from the Silicon Republic article for anyone trying to assess their potential exposure and take appropriate action to limit it are:
Know what you're up against (in fairness, I don't think the security vendors are your main problem)
and then
Shop around! - a message that should be close to the heart of every askaboutmoney subscriber!

God Bless Mary Harney!