I read this article and want to know the opinions of others who are in the trenches. Do you agree with the author's stance on how understaffed InfoSec is? Do you think you're in a company that's a ticking data-breach time bomb? I know the place where I work has had a breach recently and the repercussions were definitely felt enterprise-wide.


    I for one don't believe that throwing more people at a problem means it gets solved. I know we are collecting a ton of data, and even if I had 100 people staring at it there wouldn't be a huge difference in our responses. Where I am, we are slowly building tools to chain events so that the alerts we are getting are valid and should be looked at. The biggest thing that I believe kills the security industry is the lack of holding people accountable to procedures. Having gone through a full list of policies and procedures (that are in compliance with regulations), it was amazing to see how companies just fail to follow them. At this point I have seen several instances where, when we've called them about an issue, the explanation has been "so-and-so did not follow our policy/procedure. He/she will be given remedial training and we'll update the team."

    If you look at any sports team, what is it that they do? They practice. They practice four days a week for a one-day event (if not more). I have yet to really see a security team actually practice. Thus when an event occurs (rarely is it captured as it is happening) you get that deer-in-the-headlights stare and chaos begins.
