Most Security is Useless

Looks like I missed this the first time around but there is an article about a speech recently given by Peter Tippet, a VP at Verizon and a scientist at ICSA labs, who talks about how useless most security actually is. Most of his points are ones that I have been making for years like the uselessness of long complex passwords, all your doing is inconveniencing the user. Or how ineffective the continuous search for, reacting to, and patching of new software holes really is when you consider that only a small percentage of those holes are ever exploited. Do you want the highest rate of return on your security dollar? Spend it on the weakest link, the people. Security awareness training, while hard to quantify, will provide the biggest return in terms of security. If you can train your users to think about security as part of their everyday work lives your overall level of security will increase dramatically.


This entry was posted in Commentary, Current Events by Space Rogue. Bookmark the permalink.

About Space Rogue

Space Rogue is widely sought after by journalists and industry analysts for his unique views and perceptions of the information security industry. He has been called to testify before the Senate Committee on Governmental Affairs and has been quoted in numerous magazine and newspaper articles as well as appeared on such TV shows as News Hour with Jim Lehrer, CNN Nightly News, ABC News Online with Sam Donaldson, and others. A recognized name within the industry, Space Rogue has written articles that are often quoted or refered to by other major media outlets. He has spoken before numerous audiances including the Digital Messageing Association, Defcon, Pumpcon, HOPE, H2K, and others. As a former member of L0pht Heavy Industries, Space Rogue ran the widely popular Hacker News Network which quickly became a major resource on the Internet for daily information security news. Before HNN he ran the The Whacked Mac Archives, which at the time, was the largest and the most popular Macintosh security site on the net. Currently Space Rogue does consulting for various companies.

Leave a Reply