[Infowarrior] - New Article: Why Internet Security Continues to Fail

[Richard Forno]

Why Internet Security Continues to Fail
Richard Forno (c) 2006. (Original: 2006-08-07)
http://www.infowarrior.org/articles/2006-01.html

In his public farewell to the Internet security community three years ago
this month, famed security researcher Rain Forest Puppy (RFP) opined that
the Internet security community was allowing commercialism to trump common
sense security thinking ­ a situation that he believed led to the growing
Internet insecurity problem.

Indeed, free-market financial interests and an unhealthy complacency from
vendors and customers alike continue to overpower sound security logic and
practices to establish a technology landscape nearly impossible to protect.
While perhaps the security situation is deemed acceptable or Œgood enough¹
given that endeavors to improve it remain an apparent exercise in futility,
the argument can be made that its causes are cultural rather than technical
in nature -- and subsequently marginalized or overlooked as a result.

< - >

These issues demonstrate briefly that the major obstacle to significant
progress toward sound information security is not technical, but cultural.
Assuming that the current state of insecurity is not acceptable and that
serious improvements actually are demanded by customers, changes far beyond
technology innovations must occur if any truly effective security benefits
can be realized. However, technology is only part of the total security
solution: if the self-serving business drivers of the information technology
industry are not overcome and customer-side management cultures continue
facilitating this ongoing exercise in security futility by rejecting a
holistic commitment to real risk management, information protection
products, policies, and practices that yield tangible benefits aligned
toward these noble goals never can be achieved.

http://www.infowarrior.org/articles/2006-01.html