Please Note:
This profile was automatically generated using 1 reference found on the Internet. This information has not been verified.
Web References
1. News 2002
www.namitech.com/News_2002.htm - Last Visited: 1/25/2007
"Without being too alarmist, the focus on innovation and the lack of focus on security makes critical infrastructure vulnerable to attacks from criminals, hackers, disgruntled employees and even terrorists," says Mark Danton, partner in charge of e-security at Ernst & Young.
Market innovation and competition have resulted in each operating system, application and hardware vendor having a proprietary interest in their protocols. This has created a dysfunctional environment of complicated interoperability. As a result, it is costly and difficult for organisations to implement truly effective security solutions.
Danton says that although effectively securing corporate and critical infrastructure systems is no small task, organisations have no choice but to confront it. "More can be done to encourage companies, individuals and government to address vulnerabilities and tackle hard issues.
"Authentication, authorisation, interoperability, recovery and validation are the key issues directors should be aware of when assessing the cyber security risks and vulnerabilities of their organisation's critical information technology infrastructure," Danton adds.
"Unfortunately," he says, "there is no common set of standards for validating the security of computer and information systems. Instead, different countries, individual industries, application vendors and hardware providers employ different standards for assessing vulnerabilities and the effectiveness of security solutions."
He says that this in turn hampers efforts to conduct comprehensive risk assessments of network safeguards and controls across industries and applications.
"Any long-term discussion of IT security should, therefore, consider the need for harmonising standards for validating effectiveness. Only by regularly assessing the effectiveness of controls will we be in a position to offer assurance that security measures are working as intended," says Danton.

