Challenges to Security Efforts
Misguided: one-size-fits-all solutions (product = security); delegation of security duties (use cases)
Threat-specific: firewalls, then operating systems, now application-layer (IDS)
Minimalist: hard to demonstrate ROI on the purchase of security products
Reactionary: applied as an afterthought, to counter threats that arise
Distributed: many organizations outsource some operations (especially Internet), and accountability is sometimes hard to assign