Tue, Sep 11, 2007 10:54 EDT

Posted by: Jeff Jones in Best Practices. Topic: Infrastructure. Blog: Security by Numbers
"e-Crime is not a technology problem, it is a crime problem."
I was at the Security Standard in Chicago this morning at the John Gallant and Scott Charney fireside chat and heard the above quote as part of the discussion.
I've been thinking about this since then and it strikes me that thinking about security this way can provide some insights and benefits.
For example, in the latest e-Crime survey results, out today, security spending is down from the previous year, though most folks surveyed (69%) felt they were well-prepared to face security issues. Is this a trend? Do shrinking security budgets mean that the lack of large outbreaks in the past 2 years is making people complacent about security?
I don't know.
However, as we're fond of saying in the industry, security isn't a problem you can "fix". There is no finish line; it is an ongoing process to manage risk appropriately.
If we look at the physical world of crime, there are ebbs and flows in funding. If a lot of people are out of work, crime may go up and staffing of law enforcement may need to be comparably higher. Similarly, in a period of peace and prosperity, crime may go down and law enforcement funding may also go down.
So, maybe spending on computer and network security budgets (fighting e-Crime) is a natural process as well, with ebbs and flows, never reaching zero, but sometimes pulling back after periods of higher investment. I like this as a model, because it makes it easier to explain to management teams why nobody has yet "solved" the security problem.
Of course, a more exciting benefit to me is the fact that if fighting malicious attackers is a crime problem, then that makes us all crime-fighters - maybe my childhood goal of being a SuperHero when I grew up isn't completely out of reach ...