When Good Security Goes Bad

In the wake of MasterCard’s recent security blunder, experts are starting to question how good security can go wrong. MasterCard, one of the leaders in network transaction security, found itself the victim of a security breach through one of its transaction processing partners.

According to an article by Matthew Friedman on Security Pipeline.com, good intentions aren’t enough “when good security goes bad.”

“I think most organizations go into security with good intentions,” Peter Stapleton, director of Computer Associates eTrust Security Management, told Friedman. “But if you look at organizations like MasterCard and LexisNexis, the predominant failure in all of them has not been technology. It's been a business failure.”

Friedman says the problem is that technology can only take you so far. If you think technology is enough to protect you, you’re still leaving yourself vulnerable. “The truth is that really good security just isn't that sexy," Stapleton told Friedman. “Good security is administration. It's in how you manage the technology and in how you manage the organization.”

Instead, Friedman says you need day-to-day oversight of both your business process and security practices to keep your business secure. “Without granular, day-to-day oversight of business processes and security practices -- the kind of plodding, detail-oriented work that none really likes to do -- even the best security technology will become vulnerable,” he writes.

To read the full article, click here: http://www.securitypipeline.com/howto/164903319