Information security is no longer about refining technology, but helping people and improving processes. This was the key theme of the recent Intermedia Group E-Security Conference and Exposition in Arlington, Va. The conference featured some of the most respected information security . . .
Information security is no longer about refining technology, but helping people and improving processes. This was the key theme of the recent Intermedia Group E-Security Conference and Exposition in Arlington, Va. The conference featured some of the most respected information security experts known to the industry, including Bruce Schneier, CTO and founder of Counterpane Internet Security, and Gene Spafford, director of the Center for Education and Research in Information Assurance and Security at Purdue University (CERIAS).

The key message of the conference was perhaps best summed up by David Bowser, information security manager for Latrobe, Pa.-basedKennametal (stock: KMT): "The basic conclusion that I came away with was that, more than anything, a security manager must be a student and an educator. A key component of a sound security program is to keep up with business, technology and society and then pass that on to the organization in the form of security practices and awareness programs."

This theme may have been an epiphany to some technology experts, but it was no revelation to security policy managers such as Bowser. In fact, I've been preaching this for as long as I can remember. Even Bruce Schneier, creator of two complex encryption algorithms and author of the long-standing cryptography industry bible Applied Cryptography, admitted he had put his eggs in the wrong basket.

The link for this article located at TechWeb is no longer available.