Cover V06, I06


Editor's Forum

Not to worry. We've got you covered. The feature articles in this month's issue cover a wide spectrum - from firewall general basics to HP-UX specifics, with side orders of Web, cryptography, and root controls. None of this is "just heard about it yesterday from CERT" material, but rather the normal, everyday concerns that constitute the majority of good security work. There is, however, one security concern that none of our feature articles touch on.

The security concern to which I refer may pose the single greatest threat to organizations around the globe, but is most often found in small and medium-sized businesses. It is likely to be more insidious that the most malicious virus, and of greater threat to the success of the organization than any band of hackers. Unfortunately, this threat is also most likely to strike at companies that are making maximum efforts to be competitive in today's tough business climate. This mega-threat, of course, is the lack of adequate security resources - the time and personnel to perform conventional security precautions and stay informed about new concerns and procedures. In case your management is not as security-aware as you would like, I'll (re)state the obvious.

Good security is not a one-time fix. It is an attitude that should pervade the organization from the highest levels to the lowest. If the attitude is right, you will have the resources necessary to implement and maintain a security policy that fits your organization's requirements. The proper security attitude throughout your organization will also allow you to update your policy as security issues evolve and new threats become known. You won't spend all of your time being paranoid - just enough to know when you are "being followed." That, in turn, will provide you with the ease of mind that will allow you to take care of your users' needs in a timely and effective manner. Although it is difficult to arrive at an exact figure for the value of good security, that value may bear a strange resemblance to the net assets amount on the balance sheet - a value not to be taken lightly.

Sincerely yours,
Ralph Barker