Institute for Applied Network Security: Institute Insights, September 2004

INDEX
>>	Up Front Perennial Questions
>>	Faculty Viewpoint Fred Avolio
>>	Data Point Certification
>>	Partner Program News Partner Portal 2.0 Launches

NEXT EVENTS
New York Metro Forum November 16-17, 2004 Lone Star Forum January 19-20, 2005 Mid-Atlantic Forum March 2005 Southeast Forum June 2005 Midwest Forum August 2005
REGISTER NOW

The Institute is pleased to be the Governing Body for the Panel of Judges for the 2004 ISE National Award. For more information, please visit www.infosecaward.com.


SUBSCRIPTION CENTER
The staff of Institute Insights seeks to keep Forum friends and alumni informed about events, insights and other news. Register a friend: Keep your colleaques in the loop. Sign them up today. Unsubscribe: If this newsletter has reached you in error or you are no longer interested in network security, you may unsubscribe at any time by directing an email to unsubscribe@ianetsec.com.

UP FRONT

Happy Anniversary, and Perennial Questions

This September marks the Institute's 4th Annual New England Network Security Forum. What have we learned? The insights are too numerous to detail here. But no matter how much threats increase or technology changes, one thing has remained consistent: many of the same problems tend to plague users year after year.

Educating users, doing more with less, and feeling frustrated with immature commercial solutions -- these are some of the continual challenges we hear about at every one of our Network Security Forums. They continue because there are no concrete solutions that work for every situation. Yet there are also questions that crop up because people -- however unwittingly -- have forgotten the industry's past. That's what this issue's Faculty Viewpoint examines: those questions with answers embedded in the past. One of them is almost rhetorical -- are security certifications important? We explore this question further in Data Point.

Other age-old questions may find answers in the Institute archives, which become available in September to Institute Partner Program members. The archive, included in Version 2.0 of the private Institute Partner Portal, is searchable by keyword, event, type of technology and more. May it jog our collective memory. — The Institute

FACULTY VIEWPOINT: Fred Avolio

The Importance of History in Network Security

“It’s still the same old story: a fight for love and glory, a case of do or die.” These words, made famous in the Warner Brothers’ movie Casablanca, remind us of what U.S. philosopher and poet George Santayana (1863–1952) once wrote: “Those who cannot remember the past are condemned to repeat it.”

One of the problems in the computer and network security space is that we behave as if we have no history. Or, perhaps we have lost our sense of history.

Either way, we will not learn from our mistakes. We will spend needless hours going over

Fred Avolio is a member of the Institute faculty. He is a security consultant, writer, and instructor who has worked with Internet security systems for over 15 years. Write to him at favolio@ianetsec.com.

the same old ground, reinventing the same old devices.

We see evidence of this in some of the questions that Forum Members raise, on topics such as buffer overflows, application-level security, and certification. Read more

DATA POINT: Certification

"I would recommend certification to peers or subordinates"

Whether certification is a good measure of qualification is an age-old question. So we asked Forum members in Chicago in July if they had certifications (67% of the 36 survey respondents did, and another 19% were working toward one) and what their experiences and thoughts about them were.

Feedback was mostly positive – three in four certified respondents would recommend security certification (see chart), one-quarter were neutral, and no one would recommend against it. Among the 21 hiring managers in the survey, three in four agreed certifications on resumes were nice, but no substitute for experience, while some of the others either weren’t impressed (5%) or wouldn’t consider an applicant without a CISSP (5%).

So even though the survey had a small sample size, consensus was strong that certs are a good idea – but experience is what really counts.

PARTNER PROGRAM NEWS

Institute Launches Partner Portal Version 2.0

The Institute launched the next version of the Institute Partner Program portal at the New England Network Security Forum in September. This rollout is laden with new features such as a search engine that crawls through all Institute content. Partners can search Summaries of Findings, Multimedia Briefing Summaries and more, by keyword, Forum date, type of Forum session, type of content, and many other parameters.

"This capability enhances the repertoire of tools that Partners have when seeking advice or researching new products and companies," said Managing Partner Jack Phillips. "For example, a product search would return all the pros, cons and comments made by current customers of a particular solution provider, from all of our recent Forums."

The Partner Portal is available exclusively to Institute Partners. To learn more, please contact Phil Gardner at 617.399.8100 or direct an email to partner@ianetsec.com.

® 2004 The Institute for Applied Network Security, 30 Rowes Wharf, Boston, MA 02110 617.399.8100