Friday, September 14, 2007

The Seven Habits of Highly Effective Security Plans [Part 2]

Please read The Seven Habits of Highly Effective Security Plans [Part 1] first.

Stephen starts his book with the idea of a paradigm and goes to great efforts to explain what it is and why one needs to understand it.

In terms of Information Security I think that the paradigm shift has been forced upon us on July 13, 2001 but it has taken until now for us to be able to understand and deal with the new understanding.

That was the date that the Code Red Worm struck. The darling of security at the time, the firewall, was no match for this worm, and anti-virus was ineffective too.

Today the worm would be very much less effective because we now have more defenses. We have proper patch management, IDSs, deep packet inspection firewalls and application security. These were all around in the time of the Code Red Worm; they were just not being used effectively. We had the technology but the mindset was not right.

When the SQL Slammer Worm arrived, it proved that we still hadn't learned our lesson. The paradigm shift had not happened yet, but we are slowly getting there.

The fact that new worms are coming out all the time, yet we haven't had a global epidemic of Slammer proportions, means that we are learning our lesson. The fact that the Storm worm is still being successful means that there is still some way to go.

Our first paradigm shift came from realising that:
  1. security has to be done all the time
  2. technology alone will not save us
I think the next one is that we can't tack on security. We need to think security from the beginning, even if it means some things need to be redesigned or abandoned totally.

To Be Continued.
