InfoWorld - Security Adviser: The two steps to radically better security
Stop wasting your money and do computer security right with two common-sense practices

By Roger A. Grimes
APRIL 02, 2013

Here's a shocking fact I've learned from 25-plus years of security consulting: Most security projects fail to improve the safety of the organizations launching them. Security will be compromised as frequently after the project as before.

To put it bluntly, most computer security projects are a waste of time and money.

One reason for this dysfunction is that organizations launch way too many projects with woefully unrealistic expectations about their impact and the level of effort required to do them right. The fact is, if companies did a better job at just two defenses, they would be far better protected than if they were to complete the dozen-odd projects they're attempting to pull off.

In many cases, the two defenses I recommend are inexpensive or even free. They don't require multi-million-dollar projects dragged out for more than a year. They don't demand cutting-edge solutions. They simply require that organizations do a better job at two things they've been told to do for decades. And guess what? They work.
