Video: Lessons Learned from BreachesHord Tipton of (ISC)2 on What's Needed to Improve Defenses
As 2011 ended, Hord Tipton, executive director of (ISC)2, reflected on the major data breaches of the year - RSA, Sony, Epsilon - and he wrote a blog entry about the lessons security professionals must learn from these incidents.
"In virtually all of the breaches of 2011, there was a human error or failure that could have been avoided," Tipton wrote. "As IT people, we tend to focus more on the technology surrounding these compromises, but as I look more closely at each of them, I believe that humans are still at the heart of great security successes - and, unfortunately, great security breaches."
In an exclusive video interview recorded at RSA Conference 2012, Tipton expanded on this topic, discussing:
- Advanced persistent threat - and why it isn't being taken seriously enough;
- How security pros still aren't taking care of the little things that lead to big breaches;
- What needs to be done to properly address application security.
Tipton is the Executive Director for (ISC)2, the largest not-for-profit membership body of certified information security professionals worldwide, with over 80,000 members in more than 135 countries.