David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco.
One of the repeated security stories you hear time after time are cases of failing. Usually it’s a story of a data compromise, and the more egregious it is, the better the story is. There’s no doubt that we can learn from others’ failures. But failure doesn’t tell you how to succeed. It only tells you how not to fail.
During CTO of Tripwire Gene Kim’s portion of the panel discussion, “Proving the Worth of Security Metrics” (read my summary and watch the pre-debate with the panelists) he talked about some studies Tripwire has done talking about companies who have succeeded in security.
I asked Kim to talk about that, and also what were the characteristics of a company that made them succeed. In general, he said it’s about actually carrying through your security plan. Successful companies worry about the supervision of the controls, not just the presence or absence of them.
Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.