Are your security professionals qualified?

Many don't know what they don't know

Ira Winkler (Computerworld (US))
16 August, 2012 14:08
Comments

Several lessons have been derived from the recent iCloud security incident, but the most important for me is how it demonstrates the ignorance of many security professionals, an ignorance that calls their management into question.

When the iCloud hack started hitting the news, it generated a lot of discussions among security personnel. Many of them grasped the underlying concepts reasonably well. Unfortunately, though, some of the conversations demonstrated a clear lack of understanding of fundamental security concepts.

As is widely known by now, a hacker was able to compromise the Amazon.com and iCloud accounts of a Wired reporter. The accounts were compromised as a result of operational security flaws in the password reset processes of the respective organizations. The attack itself was rather involved, but at bottom it was a fairly straightforward social engineering type of attack.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

"Correction: The Acer Chromebook has a 325 GB spinning magnetic hard drive. ..."

Google adds more retailers for Chromebook
"yeah, because its Australians fault the US gov and big Corps do ..."

Mobile app data protection not our responsibility, say Australians
"Despite the fact that the number of 457s has peaked in the ..."

Opposition calls for inquiry on 457 visas
"80% + 75% + 'only' 66% = 221%"

Mobile app data protection not our responsibility, say Australians
"Assange could have all the sunshine he needs: Swedish sunlight, US sunlight. ..."

A year on, Assange still a divisive issue

Whitepapers

All whitepapers

Most Read

Sign up now to get free exclusive access to reports, research and invitation only events.

Most Commented

Featured Whitepapers

Top 10 Reasons You Don’t Need MDM

Even though companies such as Fiberlink make it easy to centralise the management and security of mobile devices of all shapes and sizes, that is no excuse for capitulating to the whims of the masses, to bolster your career by trying to be hip and trendy and au courant. If you allow progress here, next thing you know, the company will be asking you to enable business in the cloud. Where will it all end? So, before you take that fatal next step in allowing mobility, security, BYOD and user flexibility, carefully read these top 10 reasons why you don’t need mobile device management.

Featured Download

DivX Plus

Divx Plus 8 provides you with a Web Player which allows you to watch DivX, AVI and MKV videos in your web brower; you can ...

Zones

Most Popular Whitepapers

Best Practices to Make BYOD Simple and Secure

As consumerisation continues to transform IT, organisations are moving quickly to design strategies to allow bring-your-own devices (BYOD). This paper provides IT executives with guidance to develop a complete BYOD strategy which gives people optimal freedom of choice while helping IT adapt to consumerisation - at the same time addressing requirements for security, simplicity and cost reduction. Read now.

Popular tags: Business Management, Security, Storage, Data Centre, Virtualisation

Latest Jobs

FTTechnical Business AnalystNSW
FTPeoplesoft CRM DeveloperWA
FTPeoplesoft CRM DeveloperWA
FTJob Title: Mac Systems/ Enterprise Systems EngineerNZ
FTJunior Financial System Support ConsultantNSW
FTFlash / ActionScript Developer - ContractNSW
FTInvestment System Support ConsultantNSW
FTWeb Analyst - WebTrendsVIC
FTApplication Support ConsultantNSW
FTFlash / ActionScript Developer - ContractNSW

Market Place

Are your security professionals qualified?

Recommended

Seeing through Google’s rose coloured glass darkly

How fast is Vodafone 4G?

Social data tool reveals value of an individual ...

IoT: Aussies prepare to ship Wi-Fi connected lightbulbs

IoT: Aussies prepare to ship Wi-Fi connected lightbulbs

UPDATED: 4G in Australia: The state of the nation

Google adds more retailers for Chromebook

ACMA defends process after police protest spectrum decisions

Microsoft shows revenue hand with Office for iPhone

NBN Co should take asbestos responsibility: analyst

ASIC has used s313 10 times to block websites

Australian telcos requested more disaster exemptions in FY 2012

NextDC signs new customer for five years

Mobile app data protection not our responsibility, say Australians

Top 10 Reasons You Don’t Need MDM

How the Cloud Changes the Game for Line of Business Managers in Midsize Companies

Benefits of Deploying Microsoft Exchange Server 2010 on Dell Compellent with Data Progression

Clearing the Clouds for Midmarket Businesses

DivX Plus

Symantec Business Critical Virtualisation Content Zone

BlackBerry Enterprise Service 10 Zone

HP Tech Connect Resource Centre

Best Practices to Make BYOD Simple and Secure

The Business Case for Better Disaster Recovery

EMC's Flash Strategy

McAfee Complete Endpoint Protection - Enterprise

5 Myths of Cloud Computing

Computerworld newsletter

Don't have an account?

Are your security professionals qualified?

Recommended

Computerworld newsletter