|
Security poses many practical challenges. In nearly every tool
there are some security features to be configured. However, this
has to be done properly. The best crytptographic protocol is of
little value if the corresponding keys are poorly managed. Security
management has become am increasingly demanding task. It is not
only an important topic from a security practitioner perspective
but also from a research perspective.
Security management is to a large extent about automation. An area
that is gaining momentum and has a great deal in common with security
management is governance, risk and compliance (GRC). Technologies
developed for security management can, in many cases, also be applied
to compliance management. However, compliance poses new challenges
beyond the traditional, IT-level based security work. Business aspects
have to be considered in GRC solutions, and bridging the gap between
business and IT levels has become a challenge we are working on
from a security perspective as well.
|