In Brief

Sniffing Out a Skunk Works

Infosecurity teams can garner creative ideas from the front lines of business

By Christopher Lindquist

February 01, 2004CSO — Putting a highly structured, centralized security organization on the front lines of the information security battle is akin to putting a battleship to task against a million speedboats with blowtorches. Holes will appear. Sinking will ensue.

The best way to deal with the versatility and creativity of the attackers, say some experts, is to create your own flexible, innovative groupor skunk works, if you will. Such groups will become increasingly crucial as companies begin using technologies such as Web services, which involves the combination of new tools with the potential for disaster if secured improperly, says Richard Baskerville, chairman of the CIS Department at Georgia State University.

Baskerville explains that such teams need not be expensive. "You don't needand it's unlikely a CSO will be able to justifya full-time team immediately, maybe even ever," he says. "But a virtual skunk works is an intermediate strategy. If you have the right folks on staff, they can be assembled into a team as a temporary skunk works and then return to normal duties when finished."

James Christiansen, CISO at business and credit service provider Experian, agrees. It's important, however, to both hire the right people and to create a work environment that supports innovation. "Motivated people who are imaginative are usually knocking on my door with solutions before I'm thinking about them," Christiansen says. "It's all about the magic of motivation. You can't be seen as a deterrent."

"Its similar to a CERT or a [disaster recovery] team, only the purpose is to anticipate newly opened vulnerabilities rather than recover from them," Baskerville says. The key, he notes, is keeping properly creative and intelligent people happy whenever things are running smoothly. "The tricky part of managing this potential is finding the kind of challenging tasks that will keep such people interested from day to day," he says.

$firstKeyword

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Security Directions: A Virtual Conference

Security Directions Available On Demand Sept. 30 - Dec. 30

Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.

» Register Now

WEBCAST
Protecting PII: How to Work with IT to Manage Risk

Compuware Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.

» View this Webcast

Featured Sponsors