Technology's no protection against malcontents

Hardware and perimeter defences will not protect an organization from a vengeful or greedy hacker, according to Steven Branigan, former Bell Communications senior systems engineer and founding member of the New York City Electronic Crimes Task Force.

"Internal employees, like those who are disgruntled, are more likely to be seeking revenge and the only way to mitigate against that potential threat is through policy; technology will never solve the problem for computer and cyber security - although it is an important factor," Branigan told delegates at the AusCert conference yesterday.

At the Department of Education, Science and Training, IT is using a roadmap that combines proposed policy frameworks with technology now available in the market.

The department's IT security director, Glenn Peisley, said technology and policy need to match.

"You can have the best policy in the world, but if you are manually going through your log files you'll never catch anyone effectively or put the task in perspective," he said.

"But it all means absolutely nothing unless I can demonstrate that internal security investment to the executive and this means regular reporting on disaster recovery test plans, risk register reports and disaster recovery plans ... You have to try and get that reporting back into the management psyche effectively, because as soon as you stop it falls off the radar, and soon after that funding support starts to drop too."

Peisley said the department is looking at developing spreadsheets as a way to quantify risk to executives and show the return on investment for security - which amounts to giving executives dashboard metrics so they can keep track of security investments and projects.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about AusCert

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Michael Crawford

Latest Videos

More videos

Blog Posts