Cole calls for holistic approach to IT security

MYRTLE BEACH, S.C. - IT security professionals have to find a way to move from reacting to threats to proactive protection, according to a leading security expert speaking at the eighth annual Techno Security conference.

Eric Cole, a senior scientist with Lockheed Martin Corp.'s information technology group and author of numerous books on information security, told the audience that organizations have to first identify their core intellectual property; then they can take the steps needed to guard it.

"If you don't know what you're trying to secure, how can you [know] you have secured it?" he said. "Just because you're putting money and energy into a problem doesn't mean you're addressing the problem."

Cole compared many organizations' security efforts to young children's report cards. "A lot of companies would get E for effort, but unlike elementary school, there is no E for effort," he said.

Cole suggested that organizations should put far more effort into identifying vulnerabilities and securing them as the only effective way to protect against multiplying threats. He also emphasized that security has to be fully integrated into every layer of IT in an organization.

"In this day and age, you shouldn't be able to isolate out your security on your network," he said. "If you can [do it], what's to stop the threat, which can do the same thing?"

Cole suggested that organizations should pay more attention to extending "least privilege": the least amount of access a person needs to get his or her job done. He cited the Aldrich Ames spy case at the CIA in the 1990s as a very costly example.

Ames' betrayal actually cost lives, yet, "about 55 percent of the damage that he did was with information he had access to that he didn't need to do his job," Cole said. The Ames case also demonstrates that organizations need to focus more of their security efforts on the insider threat, he said.

One way to frame the approach to integrating security is to consider it a "digital watermark," he said. "If you remove it, the network should be useless."

Patience Wait is a staff writer for Washington Technology's sister publication, Government Computer News.
