At the end of Clint Eastwood’s 1973 film Magnum Force, after Dirty Harry saw his corrupt policeman explode in his car, he says the man must know his limits.
I thought of that quote today when a debate broke out in the city about the compromise of communities and other organizations working in the field of information technology that also have personal information sources.
A few years ago, I wrote: If you can’t protect, don’t collect. I have argued that you should not collect and store personal information if you are unable to protect it.
In the same vein, I state here that if you can’t work safely with the information technology that matters, then you shouldn’t support this IT.
It is essential that outsources them to a trusted provider for thecloud and focuses on managing secure access to these services.
If you cannot outsource it and protect it yourself, then you need to integrate with asecurity provider who can handle it.
It’s clear to me that most people who work with IT processing IP data simply can’t do it safely, and they don’t bear the full cost of IP data breaches.
They have too many strengths and weaknesses and are the target of too many threatening actors.
These organizations do not have the people, processes and technology to reduce risk.
They are successful, but they are usually due to the heroism of some computer scientists and security experts, who often feel overwhelmed by their opponents.
If you are unable to solve a vulnerability two years before the exploitation, or if you can’t detect an invasion and react to the enemy before he completes his mission, you indicate that you need to change your whole approach to information technology.
The security industry seems to think that the solution is to throw more people into this problem, but every year we read several million vacancies. It’s a sign that we need to change the way we do business. The fact is that organisations that cannot defend themselves have to acknowledge their limitations and change their game.
I understand that outsourcing is not a panacea. Note that I emphasized ITin my recommendation. I don’t understand how, for example, in the world of industrial control systems (ICS), you can outsource critical technology that is operated locally. These operations may be more dependent on outsourced security service providers if they are unable to detect intrusions with internal capabilities and respond adequately.
Remember that the vast majority of IT management organizations do not exist. They manage the information technology to support their activities. Many organizations have actually moved their legacy applications to the cloud, and most new organizations are in the cloud. These are encouraging signs because older organisations can age over time.
This is a heavy burden for cloud computing providers that fall into the managed service provider category, which I recently discussed in my blog post on Corelight. However, the most trusted vendors have the people, processes and technology to do their jobs more securely than many organizations dealing with outdated information technology.
Everyone needs to know their limits.the practice of network security monitoring: understanding incident detection and response