Page 41 - Cyber Warnings

than update the systems and security. The groups find keeping insecure protocols more
important or pertinent than mitigating the risk for the customer. They refuse to factor the
risk into the decision as part of the equation.


This focus on convenience, and the greater weight applied to it, is an issue. Accepting the risk
without actually analyzing the potential risks, and the extended effects if these risks were to be
realized in the form of a compromise, is a significant oversight. This analysis should be at the
forefront of the decision process.

This is indicative of the users being more focused on how the change affects their own world and
responsibilities. This is a rather short-sighted process. The focus should be more on the
business and the enterprise over the long term.


Education

The issue is not going to go away anytime soon. It will continue as technology and applied
processes continue to improve. The decision-makers and users presently view the
situation in the very short term, to minimize the effort that would need to be expended. This focus
and these thought patterns need to change. Because change is either not occurring or occurring at
a portion of a snail’s pace, the risks continue and increase every day, the enterprise
becomes more of a target, and the business may increasingly be scanned and probed in the
initial stages of an attack.

The users need re-education and/or continuing education. As this may inaccurately appear to be a
single-minded push, the message should be stated gently, with the facts of the situation, including
the risks if the changes are not implemented. The directive to make the changes needs to be a rather
clear choice, based on these facts, risks, and industry standards.

This process will not change thoughts or processes overnight. The push will take effort,
time, and patience. If this process were easy, the entire enterprise would already be
using the current technology and practices. The endeavor of updating to the current
industry standards is completely worthwhile, yet frustrating at times. The evidence to the
contrary is open for all to read every week, as the compromises in multiple industries are
published.


About The Author

Charles Parker, II began coding in the 1980s. Presently, CP is an Information Security Architect
at a Tier One supplier to the automobile industry. CP is presently completing the PhD
(Information Assurance and Security) in the dissertation stage at Capella University. CP is also
an adjunct faculty member at Thomas Edison State University. CP’s interests include cryptography,
SCADA, and NFC. He has presented at regional InfoSec conferences. Charles Parker, II may
be reached at [email protected] and InfoSecPirate (Twitter).




41 Cyber Warnings E-Magazine – July 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
