Not renewing Information Security

I've been a subscriber to Information Security for five years, possibly six. This magazine, like ComputerWorld, is one of those publications that are 'free' for people in the industry. The 'free' comes from answering a yearly survey and agreeing to have targeted ads in with the magazine content. The usual deal.

Five years ago I wasn't as with-it with information security as I am now. Five years ago I worked for a company that occasionally bought security widgets. Five years ago I was hoping to break into the burgeoning InfoSec industry.

Then I came here. Since our networking security model is a cross between an ISP and a government agency, we have different challenges. Security widgets aren't really in the picture, and security software only barely and is typically handled at levels above me (much to their detriment). Security procedure I've gleaned through experience over the last five years. We haven't had any prosecutable events on my watch, but then neither did I while at my old job.

Information Security is all about the following topics, in rough order of order:
  1. Selling Widgets. Reviewing new widgets, sharing ideas on how to use certain classes of widgets, and who is doing a good job in widgetdom.
  2. Regulatory Compliance. Things like HIPAA and SOX weigh big on corporate companies. Their ads are all about preying on concerns relating to regulatory compliance.
  3. Business Cases. People who have done Security right tell the tale of how it worked for them.

Widgets:
Our information security budget is teensy. So teensy, it isn't even broken out as a separate line item. We deal with it when we have an identified problem, and upper management has signaled that they're willing to finance the handling of it. As a rule, we don't put much stock into widgets. The few we have are a Bluesocket for wireless access, which arrived before I got here, a PIX around that one critical subnet, and that's about it. I don't count AV software in this category.

Regulatory Compliance:
Until the Feds pass some form of Higher Education Finance and Reporting Act, I'm largely safe here. There is some HIPAA stuff we handle, but that's really minor compared to other things like patching schedules. Regulatory compliance weighs very lightly (heck, not at all!) on my mind, which puts me even further from the clutches of the worry-wart advertisers.

Business Cases:
While a good idea in theory, in the last year I've yet to read even one business case that applied to us. Our unusual network security model is not near what Information Security is selling. It was at my old job, but it is not here.

Since the top three topics of Information Security are not applicable to me, I've decided to attempt to discontinue my subscription. We'll see if it takes.

1 Comment

I let my subscription lapse about two years ago for the same reason. Everything of value in the magazine, which was getting smaller with each issue, can be found on their website.