Outdated security needs to be ripped up and thrown away

gallery

New approaches are needed to make sure both European governments and businesses are secure.

So claims Steve Purser, head of the technical competence department for the European Network and Information Security Agency (ENISA), speaking at its annual conference.

He said that some of the security ideas used by both the private and public companies were outdated, and that many weren’t working even though people believed they were.

“There is a vast difference between the security in textbooks, and the real security involved,” he said.

For example, he believed that many organisations don’t follow the principle of ‘defence in depth’ where different methods of security worked together with each other, rather than separate from each other.

Also, companies don’t think about how security could change in the future, he claimed, adding that they needed policies and technology that could cope with the unpredictably of business – for example, if there was a merger or acquisition.

ENISA also didn't there was a strong enough relationship between public and private companies when it comes to talking about security issues.

Purser said there was now a European Commission public consultation that would decide on ENISA’s strategy in 2010.

ENISA is still only an advisory body when it come to the security of European member states as mandated.

Purser called for a debate about whether there needed to be a European agency that actively dealt with security issues like cyber attacks in a co-ordinated way, or whether ENISA could take that role.

Email to a friend

Print this page