The 2010 ISSA International show was just here in my hometown of Atlanta. With the experienced speakers – many of whom work for highly visible companies and government agencies – I was expecting some new ideas and solutions around security. The quality of the speakers was good; the problem was with the messages that I heard (at least in the keynotes). It was the same old stuff we’ve been hearing since the beginning of “Internet security” as we know it. “You need to have policies,” “You need to train your people,” “You can’t rely on vendor products completely,” “You need to take a risk-based approach,” “The cloud is our great savior” – blah, blah, blah. Looking around, I could tell that others in the audience were tiring of the same old messages as well.
Is this the way information security is going to be from here on out? I’m not so sure that preaching the same old stuff is viable long-term. Maybe I’m just being impatient; perhaps there is no good solution. Maybe we’re just going to have to keep doing what we’re doing and trust that it’ll eventually sink in. Time will tell.
Although it’s a never-ending and frustrating cycle, it’s good for job security, so I guess I shouldn’t complain.
Kevin Beaver is an independent information security consultant, expert witness, author, and professional speaker with Atlanta-based Principle Logic, LLC and a contributor to the IT Watch Blog. You can reach Kevin through his website at www.principlelogic.com and follow him on Twitter at @kevinbeaver.