If you want to succeed at security, you need to look at the winners

David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco.

One of the repeated security stories you hear time after time are cases of failing. Usually it’s a story of a data compromise, and the more egregious it is, the better the story is. There’s no doubt that we can learn from others’ failures. But failure doesn’t tell you how to succeed. It only tells you how not to fail.

During CTO of Tripwire Gene Kim’s portion of the panel discussion, “Proving the Worth of Security Metrics” (read my summary and watch the pre-debate with the panelists) he talked about some studies Tripwire has done talking about companies who have succeeded in security.

I asked Kim to talk about that, and also what were the characteristics of a company that made them succeed. In general, he said it’s about actually carrying through your security plan. Successful companies worry about the supervision of the controls, not just the presence or absence of them.

Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.

Tagged as: IT Security, IT Security and Data Protection, Metrics, RSA, RSA 2010, RSAC

This post was written by…

David Spark has contributed 73 posts to The State of Security.

Twitter @dspark

Contact David Spark

David Spark is a veteran tech journalist and founder of Spark Media Solutions, a media consulting and production company. Acting as the "media" of "social media," Spark Media Solutions helps its clients be seen as leading voices in their field through brand-quality media production and distribution through top tier media channels.