Tipping sacred cows: Make bold decisions to protect your information
Computerworld - For some organizations, the recent spate of worms and hacking attacks has suddenly made security front-page news. For other organizations, security has been a multiyear journey, not toward a destination, but as a means toward greater discipline and attention to technical and business integrity.
For all, security means making changes: changes to the software development life cycle, to the desktop environment, to network architecture and remote access, and to business processes. If you've been in the IT business for 10 years or more, you have probably seen these changes.
Before you can make changes, you have to know what to change. What things in your organization are being built, run or performed the way they were 10, five or just three years ago? While the guiding principles of security best practices are still pretty much what they were several years ago (and justifiably so), the ways in which they are applied are still changing and improving. Part of this is because threats are evolving rapidly, and part of it is because we are learning how to better protect our environments: The tools and techniques are improving all the time.
Peter H. Gregory, CISSP, CISA, is an information technology and security consultant, a freelance writer and an author of several books, including Solaris Security, Enterprise Information Security, and CISSP for Dummies. As a consultant he provides strategic technology and security services to small and large businesses.
He can be reached at firstname.lastname@example.org.
His Web site is www.hartgregorygroup.com.
- Is your remote access encrypted, and does it use strong authentication?
- Is customer information on your Web server?
- Are you keeping up with security patches?
- Has anyone taken a good long look at your firewall rules lately?
- Is anyone watching the logs on servers, firewalls and intrusion-detection systems?
Unless you or someone in your organization has the time to stay current on security issues and keep systems, firewalls, routers and everything else well configured, your organization has a problem. Unless it is being regularly updated, any system or network device that was built and implemented more than two years ago lacks today's best security practices in one or more areas. Sooner or later, a script kiddie or a disgruntled employee will find and expose those weaknesses and hurt your company.
Get Objective Opinions
If telling management that changes are needed feels like a career-threatening move, then a good solution may be to find some well-respected, objective information that can help them to understand that the status quo is leading them straight to catastrophe. This information may be in the form of articles describing best practices in layman's terms or, at the other end of the spectrum, detailed findings of a security assessment. If management won't consider even a small, focused security assessment, then you'll have to rely for now on free or almost-free information.