Search /
Advanced search  |  Help  |  Site map
Click for Layer 8! No, really, click NOW!
Networking for Small Business
FCC defends new net neutrality proposal
New iPad rumor rollup for week ending April 23
Dell adds Big Switch to its SDN mix
Google Plus now minus chief Vic Gundotra
Heartbleed prompts joint vendor effort to boost OpenSSL, security
Microsoft Surface Mini seems likely to ship soon
China working on Linux replacement for Windows XP
FCC adds $9 billion to broadband subsidy fund
Raspberry Pi alternatives emerge to fill need for speed
It's now possible to wirelessly charge 40 smartphones from 16 feet away
Ex-FCC commissioner to head CTIA in latest Washington shuffle
Go time traveling with Google Maps
While Heartbleed distracts, hackers hit US universities
Survey respondents shun much-hyped mobile shopping technologies
7 Ways to Advance Your Project Management Career
How Apple's billion dollar sapphire bet will pay off
US to vote on sharp increase in broadband subsidies
iPhone 6 rumor rollup for the week ending April 18
NSA spying revelations have tired out China's Huawei
Arista co-founder may have switch maker by its jewels
Open source pitfalls – and how to avoid them
AT&T's expanded 1 Gbps fiber rollout could go head to head with Google
Verizon: Web apps are the security punching bag of the Internet

Managed security monitoring

Related linksToday's breaking news
Send to a friendFeedback

Sign up to receive this and other networking newsletters in your inbox.

Readers will know that I admire and respect Bruce Schneier, founder and chief technical officer of Counterpane Internet Security. The man is brilliant, his take on security makes sense and he writes clearly and simply. His free monthly e-mail newsletter, " Cryptogram, " [] is always worth reading and includes lucid opinion pieces and brief summaries of recent information security developments with pointers to the full articles. His book " Secrets and Lies " (see is a stimulating exploration of the fundamental issues in security today and is suitable not only for network managers and security experts but also for general management who have even the slightest interest in security.

I recently received a booklet entitled, " Managed Security Monitoring: Network Security for the 21st Century " by Bruce Schneier and found it up to Schneier's usual standard of excellence. The document is available on the Web in HTML [] and in PDF [ ].

Schneier's introduction reiterates his emphasis on the human side of security as he believes that sole dependence on technology products is futile. In the section on " The Importance of Security, " he summarizes risks for organizations using the Internet. He describes direct losses as, " theft of trade secrets, customer information, money [and] productivity losses, " and indirect losses as, " loss of customers, damage to brand [and] loss of goodwill. "

He points to increased legal liability for officers of organizations that fail to protect the privacy of customers or data subjects in the financial and health care industries. In " The Failure of Traditional Security, " Schneier condemns " traditional " security, by which he means the fruitless search for " magic preventive technology, " and insists that only a commitment to process will allow us to manage risks in the face of changing threats and vulnerabilities.

In subsequent sections, Schneier builds a compelling case for the well-established view that risk management must depend on protection, detection and response. He then discusses intrusion-detection technologies and asserts that software alone is insufficient. He believes that we need people to improve the power of the test, i.e., to distinguish between real incidents and false alarms. Next, network personnel must be ready with well-thought-out plans for responding effectively to particular intrusions or other attacks.

Finally, Schneier discusses his view of how to outsource network security monitoring and goes on to discuss how his company's services meet the criteria he has established. One of his most important messages is that monitoring should be the first step in establishing network security, not the last. Monitoring can provide a baseline that supports effective risk management even before security policies are established and technology is implemented.

As I have written in other articles, it is always a pleasure to see a white paper that is worthy of the name. Schneier's booklet is a truly well-designed, thoughtful definition and analysis of a problem that includes valuable suggestions for evaluating alternatives with company- or product-specific details. I hope more techies can convince their marketing colleagues to emulate this model.


Check out the new "Computer Security Handbook, 4th Edition" edited by Seymour Bosworth and Michel E. Kabay; Wiley (New York), ISBN 0-4714-1258-9. Available now at your technical bookstore or visit Amazon.

M. E. Kabay, Ph.D., CISSP is Associate Professor of Information Assurance in the Department of Computer Information Systems at Norwich University in Northfield, Vt. Mich can be reached by e-mail by clicking here. He invites inquiries about his information security and operations management courses and consulting services. Visit his Web site for papers and course materials on information technology, security and management.

Archive of Network World Fusion Focus on Security newsletters

Network World Security and Bug Patch Alert
News of the latest security holes and patches.

Jamming, military style
Network World, 07/02/01

NetScreen pushes firewall speed to 2G bit/sec
Network World, 07/02/01

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.