Security management is becoming a "board-level" issue and attacks on computer systems are getting sophisticated, Ron Moritz, Computer Associates International, Inc. (CA) senior vice president and chief security strategist, reminded delegates at the recently-held "Manila Con 2003" conference.
In his videotaped presentation entitled "The Physics of Security: From Containment to Enablement," he called for an end to current fragmented approaches to access, authentication and auditing operations.
Moritz likened the management of information access to the management of nuclear power. "Until recently, containment models were the prevailing wisdom espoused by the security intelligentsia," he said. "Today we energize information not by containing it, but by releasing it and enabling it to flow freely within well-defined limits."
Those limits are essential to avoiding the dangers of theft, damage and lawsuits, said Moritz. The security model has shifted and much of the work should now be about enabling and supporting the controlled release of information.
He stressed the need for total security management across IT and facilities systems in order to enhance responsiveness to new threats and reduce business risk.
As he called for a radical redefinition of security management, he urged organizations to integrate their business continuity, physical and cyber security functions.
MANILA CON 2003
The "Manila Con 2003" was designed after "DEFCON", an annual gathering of computer hackers in the US. ISSSP held a previous convention on September 11 last year. It was organized by Information Systems Security Society of the Philippines (ISSSP) and targeted local network administrators and IT security professionals.
Formed amid security concerns sparked by the World Trade Center attack in 2001, ISSSP is composed of local network administrators from the private sector as well as people from IT firms that provide services related to security.
Rather than putting hacking in the spotlight, the Manila Con 2003 highlighted the "positive side" - it's in the process of making companies aware of the many ways their networks can be compromised and how to be adequately prepared for an attack.
Hacking is an offshoot of the perennial "hacker vs. cracker" debate. "Crackers" are commonly referred to as those that seek to damage computer systems maliciously.
There is a wide range of security concerns - from insider attacks, unlawful use of corporate assets, and theft of intellectual property to executive protection and workplace violence prevention, outlined Moritz. …