myITforum.com Community Forum
IT Security - Use Facts and not FUD for security solutions

 
IT Security - Use Facts and not FUD for security solutions - 11/18/2008 9:19:04 AM   
hwaldron


The article notes that FUD (Fear, Uncertainty, and Doubt) may be used to "sell the need for security" to home users or even in some organizations. FUD means that exaggerated claims are used to alarm folks into making security decisions. However, I believe most corporate security professionals (at least those I've worked with) thoroughly research options and present as much factual information as possible to IT management.

Corporate security is a business requirement.  Granted, it's sometimes difficult to ascertain and quantify in real dollar terms.  It entails risk management to address potential losses in a cost effective manner.  The potential consequences of not acting to address true exposures should be shared in a professional manner without the use of FUD.        

In some respects, it's important to occasionally "cry wolf" when major exposures surface. However, as the article notes, it's important to be factual and "to keep the powder dry" in over-alerting folks to maintain credibility.

If there's a strong potential of attacks for a highly vulnerable exposure, IT Security needs to alert all affected areas to work pro-actively in preventing it. You always want to "patch the roof before it rains", which could be immediately or several weeks away.

I agree with some of the constructive criticism noted in the article.  Security professionals need to apply due diligence in properly researching solutions.  The use of facts rather than FUD over time will improve management's perception of IT security as the critical business resource it has become.

Security Reference Guide - Three Reasons Why Users Won't Buy Into Security
http://www.informit.com/guides/content.aspx?g=security&seqNum=332

QUOTE: As if to bolster the viewpoint that the security community only has fear to offer their users, when was the last time you ever heard anything good about a security solution or process? For example, have you ever seen the headline "XYZ Firewall Prevents Hackers from Blowing Up a Power Plant!?" Unlikely. Instead, security related news that does make it to the general community deals with viruses, malicious hackers, and scary scenarios that paint a really bad picture of the digital world. Ultimately, it is fairly obvious that FUD tactics are the primary method by which the security industry obtains and maintains their consumers.


_____________________________


Harry Waldron - Security News & Best Practices Blog