Welcome to the SecAware blog

I spy with my beady eye ...

1 Sept 2007

STBO on email security

A report into email vulnerabilities, 'sponsored' by a handful of email security companies, is available for free until 21st September although one has to register and is supposed to provide one’s email address plus other personal information to obtain it ... to save you the bother and risk that that entails, here are the report's three stunning conclusions:

"Develop comprehensive email security strategies that address both inbound and outbound vulnerabilities; Actively monitor, assess and address email vulnerabilities on an ongoing basis – new threats appear daily; Include email vulnerability assessment in an overall threat analysis, looking at threats across email and the Web as well as across desktops, laptops, servers and networks."

The report demonstrates a circular/specious argument by pointing out the differences between what "best in class" organizations are doing versus the rest. If one takes the trouble to wade through the report to find out how "best in class" organizations are identified, one finds (surprise surprise) that they are those who demonstrate the very practices that are called out. This is like me lining up a bunch of people against a wall by height, then making a big song-and-dance about the fact that the people towards one end of the bunch are 'height advantaged' or 'height challenged' (depending on which end I'm talking about) compared to the rest.

Of course the report is replete with plenty of impressive-looking statistics and graphs which are no doubt being quoted as fact ... by those email security companies who 'sponsored' the study.

Good thing it's free.

[STBO = Statin The Bleedin Obvious]

No comments:

Post a Comment