re: Taking the Complexity out of IT Security

George Bailey — Fri, 01 Feb 2008 22:03:35 GMT

IT Security is essentially Information Security (everything else - physical security, network security, etc. are supportive of the overarching objective i.e. protection of the information) - and the very nature of information makes IT security inherently complex.

The history of cryptography (one of the oldest information protection methods) is quite instructive. The speed with which the complexity of an already complicated task increased as technology availability, transaction frequency and user numbers increased. Simon Singh's "The Code Book" (ISBN-13: 978-1857028898) is a good non-geek source.

The main reason why the complexity of IT Security will only increase is that we did not cater for the amazing rapidity with which modern IT has developed and been adopted, which has led to (you guessed it) "technology availability, transaction frequency and increase of user numbers" and the inescapable complexity of IT security.

re: Taking the Complexity out of IT Security

Rick Omar Kazi — Tue, 05 Feb 2008 07:21:36 GMT

George,

The last line in your comment hit the nail on the head.

IT Security can be made less complex if we combine people (awareness), products (secure OS) and processes.

Security is best deployed in 4 easy layers : Network, Endpoint, Server and Application.

Windows 2008 actually provides enhancements that are built into the core product, so extra products are not needed, simplifying IT managers lives quite alot.