Abrams says, "It's far too easy to get lost in the hype of the shuttle crashing or the space station shutting down when the real risk is to classified data and government systems."
We'll sum up with some thoughts from Oliver Lavery, director of security research and development for nCircle. Lavery explains that organizations today are faced with the challenge of securing an increasingly diverse and ethereal network, and protecting a skyrocketing amount of data.
Lavery states, "The failure of the security program here is probably not technical, it's more likely a lack of proper threat modeling, asset classification, and triage processes. The real challenge for massive organizations is ensuring that security efforts get the most bang for every buck."
So, Houston, we do, in fact, have a problem--but, don't panic. Look beyond the sensationalism of terrorist attacks against shuttle missions, and focus on the real issues uncovered by the NASA audit report. What we can learn from NASA is that security is a process, not an event, and that organizations should be as diligent as possible in proactively identifying and resolving--or at least mitigating--issues which expose the network to risk.
Sign up for MIS Asia eNewsletters.