Security News > 2006 > May > Security is about people

Security is about people
2006-05-16 09:12

http://www.smh.com.au/news/technology/security-is-about-people/2006/05/15/1147545264723.html By PATRICK GRAY May 16, 2006 Australia's foremost private IT security organisation says throwing money at technology problems will not fix them. AusCERT is bringing the world's most influential data security experts to meet executives at a conference on the Gold Coast to find better solutions. Representatives from Qantas, government, banking and an energy company are to attend. The open forum to take place next Monday - the first day of AusCERT's annual conference - aims to educate senior executives on their responsibilities and personal liabilities concerning information security, says AusCERT program manager Mark McPherson. "We're trying to provide a forum for a different style of audience, it's an experiment," Mr McPherson says. So-called techno-philosopher Richard Thieme - one time seminarian, now IT visionary, speaker and author - will speak on the role of propaganda, public relations, illusion, misdirection and ridicule in the world of information security. Bread and butter issues, such as teaching students to write secure software, will also be covered. AusCERT consultant Richard Forno says security is not just a technology issue, "it's a cultural issue". "We're in the habit of throwing technology and money at a problem instead of looking at the people and why we do things a certain way," he says. Mr Forno, who also works for Washington DC-based consultancy KRVW, will deliver a two-day seminar on secure software design. He will also deliver a presentation on the incident-response capability he built for the US House of Representatives in the mid-1990s before incident handling strategies were in vogue. He says that a lack of accountability is a grave concern for security conscious corporations. "The industry focuses on the technology, because frankly it's easier," he says. "There's little accountability. We've got HIPAA (the health records and standards act) and Sarbanes-Oxley (which covers the financial and accounting sectors) but there's no incentive to do more than meet the minimum criteria." Steve Manzuik, of eEye Digital Security, intends to rattle the skeletons he says are in Microsoft's closet. Mr Manzuik says the rate of technological change transforming the security industry has slowed. "People are starting to realise that signature-based stuff is a waste of time," he says. "When it comes to having to deal with new threats I don't think it's slowing down but as protection technologies go things are becoming a little more focused." Generic protection mechanisms built into operating systems are a good start but the "people factor" can never be underestimated, he says. "No matter how well we do with fixing operating systems it will always come down to how aware people are." Copyright © 2006. The Sydney Morning Herald. _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com


News URL

http://www.smh.com.au/news/technology/security-is-about-people/2006/05/15/1147545264723.html