Data Security; Are your Assets Secure?
by: David Stelzl, CISSP
Is your data secure? Think again. Securing data is unlike securing any other corporate asset, and is likely the biggest challenge your institution faces today. You may not see it, but almost all of your company's information is in digital form somewhere in the system. These assets are critical because they describe just about everything about you: your products, customers, strategies, finances, and your future. They might be in a database, protected by data-center security controls, but more often than not, these assets reside on desktops, laptops, home computers, and more significantly in email or on some form of mobile computing device. We have been relying on our firewall to provide protection, but it has been estimated that at least fifty percent of any given organization's information is in email, traveling through the insecure computer network of the Internet.
Digital Assets are Unique
Digital assets are unlike any other asset your institution has. Their value exceeds that of just about any other asset your institution owns. In their integral state they are worth everything to your company; however, with a few "tweaks" of the bits they are reduced to garbage. They fill volumes in your data center, yet can be taken on a keychain or captured in the air. Unlike any other asset, they can be taken tonight, and you will still have them tomorrow. They are being created every day, yet they are almost impossible to dispose of; you can erase them and they are still there. How can you be sure that your assets are actually safe?
Understanding Physical Security Architectures
Physical assets have been secured for thousands of years, teaching us some important lessons. An effective security architecture uses three basic security control areas. Let's assume you want to create a secure home for your family; what would you do? Most of us start with the basics: doors, windows, locks, and maybe a fence. Second, we rely on insurance, police protection, and we may have even purchased an attack dog or a personal firearm. Given these controls, you may have taken one more step to provide some type of alarm. Not trusting your ears to detect an intrusion, you might have installed door and window alarms, glass break sensors, or motion detection. You may have even joined the neighborhood watch program in your area. These are the controls everyone uses, and they are similar to the controls that have been used since the beginning of mankind.
Which is most important? Looking at the three categories of security controls used, the first consists of protective devices that keep people out: doors, windows, locks, and fences. Second, alarms notify us of a break-in. Finally, we have a planned response control: the police, use of a firearm, or recovery through insurance. At first glance it may appear that the protective controls are the most important set of controls, but a closer look reveals that detection and response are actually more important. Consider your bank; every day the doors are open for business. This is true of just about every business, home, or transportation vehicle. Even the bank safe is generally open throughout the day. You can see it from the bank teller counter, but step over the line and you will find out how good their detection-response plan is.
Evaluating your Company's Approach
Now look at your digital assets; how are they protected? If you are like most organizations, your entire security strategy is built on protection controls. Almost every organization in America now has a firewall, but does not have the ability to detect and respond to unauthorized users. Here is a simple test: run a spyware removal program on your system and see what comes up. In almost every case you will find code installed on your system that was not installed by an authorized user. In the past this has been an irritation; in the future, this will become the program that links uninvited guests to your data. Bruce Schneier, a well-known security author and expert, writes in his book, Secrets and Lies, "Most attacks and vulnerabilities are the result of bypassing prevention mechanisms". Threats are changing. The biggest threats likely to invade your systems will bypass traditional security measures. Phishing, spyware, remote access Trojans (RATs), and other malicious code attacks are not prevented by your firewall. Given this reality, a detection-response strategy is essential.
It's time to review your security strategy. Start by asking three questions. First, which assets are critical to your business, where are they located, and who has access to them? Second, what threats exist? Determine who would want your data, how they might gain access, and where the possible weaknesses in your security architecture lie. Finally, how comfortable are you with your company's ability to detect and respond to unauthorized access? If someone wants access to your data, preventative measures alone won't stop them.
Begin planning a balanced security architecture. Start by adding detection controls to your prevention architecture. This does not mean just adding intrusion prevention software (IPS), but rather creating a system to proactively monitor activity. Intruders make noise, just like in the physical world, and with proper event management, combined with the zero-day defense technologies of IPS, network administrators can begin to understand what normal activity looks like and what anomalies might be signs of an attack. In a recent interview with Scott Paly, President and CEO of Worldwide Data Guard, a Managed Services Security Provider (MSSP), Scott said, "Threats such as worms and new hacker techniques perpetually morph, so the most viable model for optimum security is a blend of preventive and predictive controls based on analysis of network behavior over time". By balancing prevention, detection, and response, companies can defeat most of the latest hacker attempts.
About the author:
David Stelzl, CISSP is the owner and founder of Stelzl Visionary Learning Concepts, Inc. providing keynotes, workshops, and professional employment to technology resellers. David works with executive managers, sales people, and practice managers who are seeking to become market leaders in technology areas that include Information Security, Managed Services, Storage and Systems solutions, and Networking. Contact us at mailto:info@stelzl.us or visit http://www.stelzl.us to find out more.
Circulated by Article Emporium