For those organizations still insisting on maintaining all aspects of their network security in-house, the challenge of maintaining up-to-date security standards rather than outsourcing it to full-time professionals has become extreme. Another example of this phenomenon, in The PC Report:
"I was just looking through the network security part of an IT Textbook currently in use by high schools and noticed the dodgy security information it was giving. The textbook recommends using WEP encryption to “secure the network” , hiding the network’s name (SSID) and filtering MAC addresses; and then goes on to explain why you should use these multiple methods of “security” together.
"The textbook writers are clueless, and that information is out of date, even though it was printed only last year."
Security has become far too specialized to remain the preserve of most in-house IT professionals, who are often so busy with incident support that they can't cover off all of the patching, updating and code reviews required for an organization's network and web presence.
Vaclav Vincalek September 25th, 2009 08:00:00 AM