| |
| |
|
Security Information |
|
|
|
Data Security; Are Your Company Assets Really Secure?
Is your data secure? Think again. Securing data is unlike any other corporate asset, and is likely the biggest challenge your company faces today. You may not see it, but almost all of your company's information is in digital form somewhere in the system. These assets are critical because they describe everything about you; your products, customers, strategies, finances, and your future. They might be in a database, protected by data-center security controls, but more often than not, these assets reside on desktops, laptops, home computers, and more importantly in email or on some form of mobile computing device. We have been counting on our firewall to provide protection, but it has been estimated that at least fifty percent of any given organization's information is in email, traveling through the insecure cyberspace of the Internet. Digital Assets are Unique Digital assets are unlike any other asset your company has. Their value exceeds just about any other asset your company owns. In their integral state they are worth everything to your company; however, with a few "tweaks" of the bits they are reduced to garbage. They fill volumes in your data center, yet can be stolen on a keychain or captured in the air. Unlike any other asset, they can be taken tonight, and you will still have them tomorrow. They are being created every day, yet they are almost impossible to dispose of, and you can erase them and they are still there. How can you be sure that your assets are really safe? Understanding Physical Security Architectures Physical assets have been secured for thousands of years, teaching us some important lessons. An effective security architecture uses three basic security control areas. Let's assume you want to create a secure home for your family; what would you do? Most of us started with the basics; doors, windows, locks, and perhaps a fence. Second, we rely on insurance, police protection, and we may have even purchased an attack dog or a personal firearm. Given these controls, you may have taken one more step to provide some type of alarm. Not trusting your ears to detect an intrusion, you might have installed door and window alarms, glass break sensors, or motion detection. You may have even joined the neighborhood watch program in your area. These are the controls everyone uses, and they are similar to the controls that have been used since the beginning of mankind. Which is most important? Looking at the three categories of security controls used, the first consists of protective devices that keep people out; doors, windows, locks, and fences. Secondly, alarms notify us of a break-in. Finally we have a planned response control; the police, use of a firearm, or recovery through insurance. At first glance it may appear that the protective controls are the most important set of controls, but a closer look reveals that detection and response are actually more important. Consider your bank; every day the doors are open for business. This is true of just about every business, home, or transportation vehicle. Even the bank safe is generally open throughout the day. You can see it from the bank teller counter, but step over the line and you will find out how good their detection-response plan is. Evaluating your Company's Approach Now look at your digital assets; how are they protected? If you are like most organizations, your entire security strategy is built on protection controls. Almost every organization in America today has a firewall, but does not have the ability to detect and respond to unauthorized users. Here is a simple test; run a Spyware removal program on your system and see what comes up. In almost every case you will find software installed on your system that was not installed by an authorized user. In the past this has been an irritation; in the future, this will become the program that links uninvited guests to your data. Bruce Schneier, a well known security author and expert writes in his book, Secrets and Lies, "Most attacks and vulnerabilities are the result of bypassing prevention mechanisms". Threats are changing. The biggest threats likely to invade your systems will bypass traditional security measures. Phishing, spyware, remote access Trojans (RATS), and other malicious code attacks are not prevented by your firewall. Given this reality, a detection response strategy is essential. It's time to review your security strategy. Start by asking three questions. First, which assets are critical to your business, where are they located, and who has access to them? Second, what threats exist? Determine who would want your data, how they might gain access, and where the possible weaknesses in your security architecture lie. Finally, how comfortable are you with your company's ability to detect and respond to unauthorized access. If someone wants access to your data, preventative measures alone won't stop them. Begin planning a balanced security architecture. Start by adding detection controls to your prevention architecture. This does not mean simply adding intrusion prevention software (IPS), but rather creating a system to proactively monitor activity. Intruders make noise, just like in the physical world, and with proper event management, combined with zero-day defense technologies of IPS, network administrators can begin to understand what normal activity looks like and what anomalies might be signs of an attack. In a recent interview with Scott Paly, President and CEO of Global Data Guard, a Managed Services Security Provider (MSSP), Scott said, "Threats such as worms and new hacker techniques constantly morph, so the most viable model for optimum security is a blend of preventive and predictive controls based on analysis of network behavior over time". By balancing prevention, detection, and response, companies can defeat most of the latest hacker attempts. David Stelzl, CISSP is the owner and founder of Stelzl Visionary Learning Concepts, Inc. providing keynotes, workshops, and professional coaching to technology resellers. David works with executive managers, sales people, and practice managers who are seeking to become market leaders in technology areas that include Information Security, Managed Services, Storage and Systems solutions, and Networking. Contact us at info@stelzl.us or visit http://www.stelzl.us to find out more.
MORE RESOURCES:
Security - Google News |
|
|
|
RELATED ARTICLES
40 Million People Hacked - YOU as Identity Theft Victim Saturday, MasterCard blamed a vendor of ALL credit card providers called CardSystems Solutions, Inc., a third-party processor of payment card data, as the source of loss of 40 million consumers credit card information. Dont Fall Victim to Internet Fraud-10 Tips for Safer Surfing The Internet offers a global marketplace for consumers and businesses. However, criminals also recognize the potential of cyberspace. I Spy...Something Terribly Wrong (In Your Computer) This really chapped my lips.. The Bad Guys Are Phishing For Your Personal Information Do you know what "phishing" is?No, it doesn't mean you grab a pole and head to the late to catch some phish.The official Webopedia definition of "phishing" is as follows:The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. Dont be a Dork - Protect Yourself There are folks out there who use their powers for evil, not good. Let's not give them the opportunity to sneak into our lives and wreak havoc. Can I Guess Your Password? We all know that it's dangerous to use the same password for more than one program. If you sign up for a program run by someone of low moral fibre, what is to stop them running through various programs with your username and password to see what they can access? But of course remembering all the different passwords can be a headache. 3 Things You Must Know About Spyware 1)Spyware is on your system. Like it or not, statistically speaking, you probably have spyware on your machine right now. How to Protect Your Child from the Internet When the Internet first came about, it was realized it could be quite the multi-tasking machine. These days people use it for just about everything, from downloading music to checking e-mail, and virtually making the rest of the globe closer all the time. Spyware, What It Is, What It Does, And How To Stop It Spyware is software that runs on a personal computer without the knowledge or consent of the owner of that computer. The Spyware then collects personal information about the user or users of the infected computer. Breaking Into Your PC: News... You'd better learn news from media, not from emails, security experts warn us users again.Numerous emails with "breaking news" in subject lines are appearing in users' inboxes. Free Ways to Tackle Threats to Your Computer Protect Your PCHaving problems with your pc? Do your kids, family or friends fill it with all the stuff they find on the internet?Your computer, just like your car, needs to be serviced regularly to keep it running efficiently. You wouldn't fill your car up with petrol from an old rusty can with a layer of dirty water on the bottom, so you shouldn't allow your pc to be treated that way either. 5 Simple Steps to Protect your Digital Downloads A couple of days ago, I was searching for a popular eBook online. Now I'm not going to tell you the name of this eBook for reasons you'll understand in the next few minutes. The 5 Critical Steps to Protecting Your Computer on the Internet Spyware, viruses and worms.. Identity Theft - Dont Blame The Internet Identity theft - also known as ID theft, identity fraud and ID fraud - describes a type of fraud where a criminal adopts someone else's identity in order to profit illegally. It is one of the fastest growing forms of fraud in many developed countries. Online Cell Phone Scams and Spam They're out there. Individuals trying to make a quick buck at your expense. Lets Talk About Antivirus Software! Nowadays more and more people are using a computer. A lot of them use it at their work place, but an increasing number of computer users have also discovered the need to have a computer at home. Personal Firewalls for Home Users What is a Firewall?The term "firewall" illustrates a system that protects a network and the machines on them from various types of attack. Firewalls are geared towards keeping the server up all the time and protecting the entire network. Consumers: Shop Online and Get Information Safely Do you really have to know how feeds work? Not really. But you do need to understand how they can benefit you as a consumer or as an information seeker. How to Know Whether an Email is a Fake or Not A few nights ago I received an email from "2CO" asking me to update my personal data. The sender did not forget to insert a link to log in, too. Three-pronged Trojan Attack Threatens Security on the Internet Glieder (Win32.Glieder.
|
|
home | site map Visit our other sites: GamesBlog | GamingDepot | GimmeaRide | GimmeNetwork | Golf Biz | HotorNotGame | I Want Computers | I Want Games | I Want Hosting | I Want Music | I Want Security | JokeBox | ScriptShock | Wantedfonts | Webalize |
| © 2006 |
