Focus on business security, not compliance: CSO

Companies getting distracted by payment card industry (PCI) compliance rather than understanding security problems, says Tenable Network Security CSO, Marcus Ranum
Tenable Network Security CSO, Marcus Ranum.

Tenable Network Security CSO, Marcus Ranum.

Enterprises are too focused on meeting security standards such as payment card industry (PCI) compliance rather than implementing configuration management, business resumption and fault tolerance, according to a security expert.

Speaking to CSO Australia at the Cyber Security Summit in Sydney, Tenable Network Security US chief security officer, Marcus Ranum, said management and IT executives needed to start treating attempted external hacks as another fault and include security in the context of a business problem.

“PCI compliance is something that any organisation with a clue about security would have been doing all along,” he said. “CSOs need to be questioning prevailing trends and not follow what everyone else is doing.”

In addition, Ranum said the information security industry was “stuck in the crosshairs” of trends such as reduced budgets due to the development of more intelligent security systems.

“You can have an anti-virus system or application firewall that does a pretty good job because it’s executing the standard knowledge base against a static system,” he said.

“Because we were able to get things to work pretty well with these kinds of knowledge based [security] systems we’re getting pressure from management to do more with less.”

However, this also meant malware was getting more sophisticated -- to the point where it required a dedicated response team of generalist security staff.

“One of the things I’m seeing is that organisations are patting themselves on the back and saying they’ve taken care of the problem but then they’re getting owned by some piece of malware,” he said.

“These organisations are then spending huge amounts of money on forensics and incidence response.”

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.

More about: etwork
References show all
Comments are now closed.
Related Whitepapers
Latest Stories
Community Comments
All whitepapers

Court slaps TPG with $400k fine over 000 failure

MORE IN Networking
Sign up now to get free exclusive access to reports, research and invitation only events.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia