Expert suggests holistic approach to security
- By Patience Wait
- Jun 06, 2006
MYRTLE BEACH, S.C.'IT security professionals have to find a way to move from reacting to threats to proactive protection, according to a leading security expert speaking at the eighth annual Techno Security conference.
Eric Cole, a senior scientist with Lockheed Martin Corp.'s information technology group and author of numerous books on information security, told the audience that organizations have to first identify their core intellectual property; then they can take the steps needed to guard it.
'If you don't know what you're trying to secure, how can you [know] you have secured it?' he said. 'Just because you're putting money and energy into a problem doesn't mean you're addressing the problem.'
Cole compared many organizations' security efforts to young children's report cards. 'A lot of companies would get E for effort, but unlike elementary school, there is no E for effort,' he said.
Cole suggested that organizations should put far more effort into identifying vulnerabilities and securing them as the only effective way to protect against multiplying threats. He also emphasized that security has to be fully integrated into every layer of IT in an organization.
'In this day and age, you shouldn't be able to isolate out your security on your network,' he said. 'If you can [do it], what's to stop the threat, which can do the same thing?'
Cole suggested that organizations should pay more attention to extending 'least privilege''the least amount of access a person needs to get his or her job done. He cited the Aldridge Ames spy case at the CIA in the 1990s as a very costly example.
Ames' betrayal actually cost lives, yet, 'about 55 percent of the damage that he did was with information he had access to that he didn't need to do his job,' Cole said. The Ames case also demonstrates that organizations need to focus more of their security efforts on the insider threat, he said.
One way to frame the approach to integrating security is to consider it a 'digital watermark,' he said. 'If you remove it, the network should be useless.'