IT Security – who is in charge?

Screen shot of security cetificate alert

We should get “all green” all the time: poor IT management leads to unnecessary alerts

You know the routine: you visit a secure Web site and are presented with a “security alert” warning you that something is wrong with a site’s security certificate.
What do you do? After all, in the current climate of worries about viruses, worms, spyware and security bearches, you would be forgiven for being a tad cautious. To my surprise, on a couple of occasions that I contacted the webmasters of the services concerned, the reply – from the (nearly always technical) support person is often: “Oh, it’s OK, you can ignore that”.
Well, no, I don’t think it is OK. Who manages the security certificates anyway? Is it a purely technical issue, or should an organisation or company’s management be more intimately involved? What are the implications, if following the lame advice above, you find that you have been scammed or that the site really was compromised in some way: your fault of course for clicking through the alert and ignoring the warnings.
The alert is there for a reason: it is a good indication on any site that someone has been doing their job right, or not… In too many cases, left purely in the hands of the (otherwise competent) technical implementers, poor management is undermining security, and our sense of confidence in the security infrastructures that are in place.

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s