5 ways to make sure you aren't the next Wikileak
Network World - This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
Government and intelligence officials around the globe have been caught off guard and in many cases embarrassed and compromised by disclosures of documents on the Web site WikiLeaks.
For security and IT professionals, these leaks serve as an important wake-up call to improve policies, procedures and safeguards. Here are five key tips to help your government agency or enterprise avoid being the source of the next Wikileak.
I. Security Policies and Procedures. Every government organization or enterprise must have policies in place to define who gets access to what information, and when. These policies and procedures must be actively maintained and updated and properly communicated. Then, the security policy can be administered by leveraging technology and putting the proper tools in place to secure, enforce, and mitigate risk to the organization.
In the October 2010 WikiLeaks case in involving some 400,000 U.S. military documents about the Iraq war, policy could have limited access to the systems that contained the sensitive information to those that had a "need to know."
In highly sensitive information environments the policy should require strict management, monitoring and control of access only to people who have a legitimate need to know. Governance, Risk and Compliance (GRC) tools allow organizations to automate some aspects of this task by overlaying security policies and controls over corresponding data sources from switches, routers, security platforms, servers, end points and applications, for a real-time view of their state of compliance.
However, no policy can be 100% effective, and many organizations will experience someone on the inside who has met the policy requirement, does have a legitimate need to know, but has illicit intentions. In these cases the security technology should provide the next layer of defense to meet these internal threats.
II. Implement Host-Based Security Solutions. Host-based security solutions include tools that allow an organization to protect and control laptops and desktop computers. Examples would be anti-virus/anti-malware products and software that prevents a user from using a USB drive or writable CD drive on a computer on a classified network.
Essentially, host-based security protects and limits what users can do at workstations. Host-based controls can disable, for example, simultaneous wired and wireless network capability, which can act as an entry point for a hacker.
Host-based security solutions can also be integrated with network access control (NAC) systems to create a first line of defense for systems that regularly go on and off of the network, such as laptops. If a laptop is infected with a virus, or misses an important security patch while disconnected from the organization's network, the host-based security solutions, in conjunction with the NAC solutions, can assure that effected systems is quarantined, and cleaned of the virus, or receives the proper security patch before it is allowed onto the network.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
If you use ‘password,’ one the worst passwords, as your password, fail to keep antivirus protection updated and don’t bother to deploy security patches to close critical vulnerabilities, then maybe you should consider working for the cybersecurity-clueless federal government; you’d fit right in, according to Senator Tom Coburn's cybersecurity and critical infrastructure report.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- HP HAVEn: See the big picture in Big Data
- HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard
- This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting
- This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle
- This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle. All Government IT White Papers
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of...
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- All Government IT Webcasts