
Security Spending - Are you spending it in the right places? - Part 1
by Joseph Seaman, CISSP, GSEC
Enterprise Integration

The latest projections show that security spending will either increase or remain the same through 2003. With all of the money being spent on security, the question arises whether we are putting those funds to their best use or simply plugging each hole one by one with no overall game plan. It reminds me of the story of Hans Brinker. For those unfamiliar with the tale, I have included it here.

"This is a famous Dutch tale about an 8-year-old boy who put his finger in the dike to save the city of Haarlem. The dramatic story goes like this. Some 150 years ago, on a beautiful autumn day, Hans Brinker took some cookies to a blind man who lived further down the dike. While walking, he noticed that the rains had raised the water to dangerous levels. Without any advance warning, the weather turned very dark and windy. Suddenly, the boy heard the sound of dripping water. He looked and saw a very small hole in the dike. His father always spoke about the evil water. So the little boy knew there was great danger that the small hole in the dike could get bigger and bigger and cause the dike to burst. This could result in the flooding of large parts of the country and many people could die. He immediately knew what to do. He climbed down the dike and put his finger in the hole. No more water came through it. "I will rescue the city from the evil water", the little boy said bravely to himself. He screamed for help but nobody could hear him. Quickly our little hero became colder and colder. His feet in his wooden clogs got very wet. The night was falling rapidly. The boy was scared, cold, lonely and very tired but he decided to hold on all through the night. The next morning, the local vicar came walking along the dike and heard Hans Brinker crying. Help soon arrived and the city was saved. Though this never really happened, there is a beautiful statue in Haarlem today showing Hans with his finger in the dike."

Not only is the figure of Hans purely fictitious, the legend defies both physics and common sense. In much the same way that various forces account for pressure on the dam, there are various forces that account for pressure on an organization's network. So we have to ask: are we addressing our security problems in the same way Hans Brinker plugged the dam? To a large extent, yes.

The problem with Hans, as with the rest of the IT world, is that we are not accounting for the other forces or threats in the entire picture. We are so consumed with addressing the obvious that we fail to look at the complete picture and address it in its entirety. This is why we see increased spending on security products such as firewalls, intrusion detection, anti-virus, and filtering devices, all with the focus on keeping the bad guys out. That is not to say that those items do not have a legitimate place in the security picture, but they are, however, disproportionate to the vast complexities and issues surrounding all of security.

We, as Americans, are notorious for solving problems with point solutions. From public to private sectors, we have, for the most part, addressed problems by fixing them at the surface and not resolving the root cause. In business, if a company needs to cut expenses, it may cut payroll or marketing. In government, if education is failing, throw more money at it. In sports, if a team is losing, fire the coach. Part of it may be that we, as a culture, have a short attention span and do not sustain our interest in any one particular issue for long. How many people still feel that we are at war with terrorism? We like the quick fix, and feel good that we "solved" the problem in a quick and efficient manner. It helps make our case when asked, "What have you done for me lately?" Unfortunately, this is the same thinking that is being applied to securing our technical assets.

In part 2, the author provides suggestions for looking at the big picture of technology security and addressing the problems in a strategic manner.

First published on BankersOnline.com 1/27/03


