Dan Geer gets it


Posted by Ben Rothke

After reading Economics & Strategies of Data Security, you know that Dan Geer is a person who really gets what information security is all about. 

Too many organizations equate security with buying security products. While today's data centers are full of firewalls and intrusion detection systems, most organizations' IT systems are not getting more secure. 

Only risk-based methodologies can secure today's mission-critical IT systems. In Economics & Strategies of Data Security, author Dan Geer demonstrates that security can't be product-centric. It requires a strategic, risk-based, data-centric approach.

If you are looking for a 1,200-page tome about every security technology under the sun, this is not it. Instead, the book zeroes in on the core concepts of data security and the underlying issue of risk, and on how the former can be applied to mitigate the latter.

Geer discusses the economics of loss, intelligent data-centric security strategies, and how to develop a forward-looking approach for data security. 

An alumnus of the Massachusetts Institute of Technology (MIT), Geer oversaw development of MIT's Project Athena, which developed the seminal Kerberos networking protocol and the X Window System graphical user interface for Unix. He is now the principal of Geer Risk Services and former chief scientist emeritus of the book's publisher, Verdasys of Waltham, Massachusetts.

This book should be required reading for anyone who cares about the security of their organization's data. If you read the book today, pick it up again 10 years from now. It will probably still be timely.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

