Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

Why Don't IT Generalists Understand Security?

Why doesn't the rest of the IT department understand what encryption and passwords can and can't do? And does it matter?

Comment  | 
Print  | 
//Comments
Oldest First  |  Newest First  |  Threaded View
<<   <   Page 4 / 4
shirishkunder re
shirishkunder re,
User Rank: Apprentice
7/7/2015 | 4:01:57 AM
Re: IT Generalists Can Understand Security But Should They?
Although I do agree that Risk Management is a critical part of Information Security, I'm not sold on remaning it as such.
anirudhsingh1
anirudhsingh1,
User Rank: Apprentice
7/8/2015 | 3:43:15 AM
Re: IT Generalists Can Understand Security But Should They?
great news
gautamnandy01
gautamnandy01,
User Rank: Apprentice
7/9/2015 | 5:09:30 AM
Re: IT professionals
The IT Generalist, dows not want to deal with security. 
dsweil35
dsweil35,
User Rank: Apprentice
9/23/2015 | 1:08:50 PM
Entry into Info Sec is difficult.

I have lots of coworker who are IT Gen. like myself, but have no interested in security or even care about it. There only concern is getting what they need to do quickly and efficiently done. I on the other hand am intrigued by security, but and limited by what few certs I can get and book knowledge I can obtain, getting actual experience is almost impossible. Companies expect to hire fully formed professionals with all the knowledge that they will need. Even with growing security concern and using cloud based service to help with companies security concerns it seem there will need to be lots of new professionals in the industry to meet the demands of the market with the increased rate and severity of attacks. Only issue is there are very few entries into the security world. Companies are not likely to spend money on training IT Pros. to do the work that is needed so the industry needs is to create people that meet those needs can create better training to get users up to speed with current Sec Pros.

<<   <   Page 4 / 4
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-46411
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.
CVE-2022-46412
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands.
CVE-2022-46413
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal.
CVE-2022-46414
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.
CVE-2022-44721
PUBLISHED: 2022-12-04
CrowdStrike Falcon 6.44.15806 allows an administrative attacker to uninstall Falcon Sensor, bypassing the intended protection mechanism in which uninstallation requires possessing a one-time token. (The sensor is managed at the kernel level.)