Holistic Security

To give you a quick feel of the content at the Security Standard event in Boston this morning just think holistically. That is the watchword for at least the first two presentations. First Catherine Allen, CEO of the BITS Financial Services Roundtable.

Catherine took shots at ISPs, vendors, third parties, small institutions, and the government. She did not accept on behalf of the 100 institutions that are members of BITS the responsibility for being proactive. As a matter of fact she highlighted government regulation as the most important security concern for large banks.  Considering that those regulations trail the emergence of threats by two to three years the banks should probably be more concerned about protecting their assets and their customer's information. 

 Ms. Allen paid homage to "Holistic Security" as did the next panel of speakers, four of the top security executives from Microsoft: Doug Cavit, Chief Security Strategist, Ben Fathi, VP Security Technology Unit, Ryan Hamlin, General Manager Technology Care and Safety Group, Ted Kummert, VP Security.

According to Wikipedia Holism is the opposite of Reductionism.  A holistic approach takes into account everything, a reductionist approach treats the individual components.  I think I am a reductionist when it comes to security.  If the threats would ever stand still, become static, then there would be an opportunity to consider the whole. But the threats change every day. Focus on the individual threats and the best defenses is what is needed. When you hear the H word being invoked you can join me in rolling your eyes and moving on to the next speaker...