Content

Editorial: Evolving the views of security today

This was confirmed during a conversation I recently had with an industry professional who said that much of the fiduciary and corporate support he gets is driven by headlines.

So, unsurprisingly, given negative publicity that traces customer/client data exposures through the Department of Veterans Affairs or TJX Companies, as examples, data theft is a big issue for his worldwide enterprise.

Such priorities are to be expected. On the other hand, the protection of intellectual property — on which his business is based — isn't so much a concern for his higher-ups. That's because newspaper coverage of such leakage doesn't seem to grab the headlines like exposed Social Security numbers.

Take for instance the corporate espionage incident at DuPont. The U.S. Department of Justice recently unsealed a case that showed how a former senior scientist at DuPont thieved $400 million in intellectual property.

Reportedly, Gary Min, a 10-year company veteran, pleaded guilty in late 2006 and could face up to 10 years in jail, $250,000 in fines and restitution for accessing proprietary technical documents.

Such crimes involving internal employees stealing intellectual property are nothing new, but coverage of companies divulging them is slim. Yet, theft of intellectual property — especially if such crimes occur in less regulated countries where many companies are running offices — could cripple organizations.

But, according to the IT security pro I talked to, much support for security initiatives still is prompted by lead executives catching some story that prompts them to wonder what steps their organization is taking to protect such critical data.

Just as our Salary Survey in this month's issue reveals, such a way of thinking shows that this still maturing field has a great deal of growing up to do. The promise of better-defined information security roles, sound hierarchical structures and strong risk management plans directly coincides with the hope that the core underpinnings of good business in this electronic age equal robust security.

To make progress in information security, whether in defining information security positions better or strengthening budget for protection of data, is to advance a prosperous business. Grasping this will mean the difference between a bad headline or not.

- Illena Armstrong is SC Magazine's U.S. editor-in-chief.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.