What we're reading, week of 6/9

by VPNHaus | 06/09/2008

From Rational Survivability…

Security Will Not End Up In the Network...

Hoff showcases a graph of the cycles of security investment, to rebut the pronouncement that “security will end up in the network.” “There's no end state,” he writes. “It's a continuum. The budget and operational elements of who ‘owns’ security and where it's implemented simply follow the same curve. Throw in disruptive innovation such as virtualization, and the entire concept of the ‘host’ and the ‘network’ morphs and we simply realize that it's a shift in period on the same graph.” The accompanying post outlines a very thorough view of enterprise security.

From StillSecure, After All These Years…

Security - Passive versus active response

Alan Shimel summarizes some key takeaways from the Gartner IT Security Conference, based on conversations with vendors. A theme that emerges is the difference between passive security (reporting data access violations) and active security (blocking them). Shimel suggests that active-response methods will usually encounter resistance in the market before their eventual adoption.

From Securosis.com…

The Good (Yes, Good) And Bad Of PCI

Rich Mogull writes about the pros and cons of PCI, concluding that for all of its faults, PCI is helping security directors get the resources they need from the business, which is why PCI is a positive step in the long term.