Data Security; Are Your Company Assets Really Secure?
Is your data secure? Think again. Securing data is unlike any other corporate asset, and is likely the biggest challenge your company faces today. You may not see it, but almost all of your company's information is in digital form somewhere in the system. These assets are critical because they describe everything about you; your products, customers, strategies, finances, and your future. They might be in a database, protected by data-center security controls, but more often than not, these assets reside on desktops, laptops, home computers, and more importantly in email or on some form of mobile computing device. We have been counting on our firewall to provide protection, but it has been estimated that at least fifty percent of any given organization's information is in email, traveling through the insecure cyberspace of the Internet.
Digital Assets are Unique
Digital assets are unlike any other asset your company has. Their value exceeds just about any other asset your company owns. In their integral state they are worth everything to your company; however, with a few "tweaks" of the bits they are reduced to garbage. They fill volumes in your data center, yet can be stolen on a keychain or captured in the air. Unlike any other asset, they can be taken tonight, and you will still have them tomorrow. They are being created every day, yet they are almost impossible to dispose of, and you can erase them and they are still there. How can you be sure that your assets are really safe?
Understanding Physical Security Architectures
Physical assets have been secured for thousands of years, teaching us some important lessons. An effective security architecture uses three basic security control areas. Let's assume you want to create a secure home for your family; what would you do? Most of us started with the basics; doors, windows, locks, and perhaps a fence. Second, we rely on insurance, police protection, and we may have even purchased an attack dog or a personal firearm. Given these controls, you may have taken one more step to provide some type of alarm. Not trusting your ears to detect an intrusion, you might have installed door and window alarms, glass break sensors, or motion detection. You may have even joined the neighborhood watch program in your area. These are the controls everyone uses, and they are similar to the controls that have been used since the beginning of mankind.
Which is most important? Looking at the three categories of security controls used, the first consists of protective devices that keep people out; doors, windows, locks, and fences. Secondly, alarms notify us of a break-in. Finally we have a planned response control; the police, use of a firearm, or recovery through insurance. At first glance it may appear that the protective controls are the most important set of controls, but a closer look reveals that detection and response are actually more important. Consider your bank; every day the doors are open for business. This is true of just about every business, home, or transportation vehicle. Even the bank safe is generally open throughout the day. You can see it from the bank teller counter, but step over the line and you will find out how good their detection-response plan is.
Evaluating your Company's Approach
Now look at your digital assets; how are they protected? If you are like most organizations, your entire security strategy is built on protection controls. Almost every organization in America today has a firewall, but does not have the ability to detect and respond to unauthorized users. Here is a simple test; run a Spyware removal program on your system and see what comes up. In almost every case you will find software installed on your system that was not installed by an authorized user. In the past this has been an irritation; in the future, this will become the program that links uninvited guests to your data. Bruce Schneier, a well known security author and expert writes in his book, Secrets and Lies, "Most attacks and vulnerabilities are the result of bypassing prevention mechanisms". Threats are changing. The biggest threats likely to invade your systems will bypass traditional security measures. Phishing, spyware, remote access Trojans (RATS), and other malicious code attacks are not prevented by your firewall. Given this reality, a detection response strategy is essential.
It's time to review your security strategy. Start by asking three questions. First, which assets are critical to your business, where are they located, and who has access to them? Second, what threats exist? Determine who would want your data, how they might gain access, and where the possible weaknesses in your security architecture lie. Finally, how comfortable are you with your company's ability to detect and respond to unauthorized access. If someone wants access to your data, preventative measures alone won't stop them.
Begin planning a balanced security architecture. Start by adding detection controls to your prevention architecture. This does not mean simply adding intrusion prevention software (IPS), but rather creating a system to proactively monitor activity. Intruders make noise, just like in the physical world, and with proper event management, combined with zero-day defense technologies of IPS, network administrators can begin to understand what normal activity looks like and what anomalies might be signs of an attack. In a recent interview with Scott Paly, President and CEO of Global Data Guard, a Managed Services Security Provider (MSSP), Scott said, "Threats such as worms and new hacker techniques constantly morph, so the most viable model for optimum security is a blend of preventive and predictive controls based on analysis of network behavior over time". By balancing prevention, detection, and response, companies can defeat most of the latest hacker attempts.
David Stelzl, CISSP is the owner and founder of Stelzl Visionary Learning Concepts, Inc. providing keynotes, workshops, and professional coaching to technology resellers. David works with executive managers, sales people, and practice managers who are seeking to become market leaders in technology areas that include Information Security, Managed Services, Storage and Systems solutions, and Networking. Contact us at info@stelzl.us or visit http://www.stelzl.us to find out more.
|
|
|
|
|
|
|
|
6 Ways To Prevent Identity Theft
These six ways to prevent identity theft offer you valuable... Read More
Internet Privacy
Over the past few years as the internet has become... Read More
A New Low
A new variation of the Nigerian Scam theme ... Read More
Reclaim Your PC from the Internet Spies
Viruses are, however, not the only malicious software programs out... Read More
Is Spyware Watching You?
Imagine my surprise when I received a phone call from... Read More
7 Ways to Spot a PayPal Scam E-Mail
Paypal is a great site and is used by many... Read More
Beware of Imitations! Security, Internet Scams, and the African Real Estate Agenda
Fishing on the Internet has come a long way. However,... Read More
How to Protect Yourself from Viruses, Spyware, Adware, and Other Nuisances
Spyware/adware is a new major concern for PC users everywhere.... Read More
Spyware Attacks! Windows Safe Mode is No Longer Safe
Many of us have run into an annoying and time-consuming... Read More
Its Time to Sing the Encryption Song - Again!
Yes, I'm wearing my encryption hat again. Why you may... Read More
Spyware Protection Software
Spyware protection software is the easiest way of removing spyware... Read More
Backup and Save your business!
There you are busily typing away on your PC or... Read More
DOS Attacks: Instigation and Mitigation
During the release of a new software product specialized to... Read More
How to Protect Yourself Against Online Criminals
Credit card fraud is a growing problem for online businesses... Read More
Reducing Fraudulent Transations ? 5 Simple Ways To Protect Yourself
The money being spent online is steadily growing. With billions... Read More
Burning Bridges is Bad, But Firewalls are Good
When you signed up for that ultra-fast DSL or Cable... Read More
File Sharing - What You Need to Know!
File sharing on p2p is soaring despite the music and... Read More
Hacked: Who Else Is Using Your Computer?
A friend called me one day and asked if I... Read More
An Open Letter From a So-called Stupid
Someone recently told me, "You would have to be a... Read More
A Basic Introduction To Spyware
Spyware is the most troublesome software to appear on the... Read More
How to Prevent Online Identity Theft
Identity theft rates one of the fastest growing crimes in... Read More
3 Steps to Ending Scams and Virus Problems
Watching how the traditional media covers the latest virus or... Read More
How Did This Happen to Me? Top 10 Ways to Get Spyware or Viruses on Your Computer
If you use the internet, you have probably been infected... Read More
Dont Fall Victim to Internet Fraud-10 Tips for Safer Surfing
The Internet offers a global marketplace for consumers and businesses.... Read More
Traditional Antivirus Programs Useless Against New Unidentified Viruses!
Every now and then you can read about a new... Read More
Hacking Threats and Protective Security
The 1998 Data Protection Act was not an extension to,... Read More
How To Prevent Spyware Attacking Your Computer
Spyware is software or hardware installed on a computer without... Read More
Email Hoaxes, Urban Legends, Scams, Spams, And Other CyberJunk
The trash folder in my main inbox hit 4000 today.... Read More
Firewalls: What They Are And Why You MUST Have One!
A firewall is a system or gateway that prevents unauthorized... Read More
Dont Allow Hackers to Take Out Money from Your Bank Account
If you know what is the 'Fishing' then it's very... Read More
SPYWARE - Whos Watching Who?
I am in the midst of Oscar Wilde's The Picture... Read More
Computer Viruses and Other Nasties: How to Protect Your Computer from These Invaders
Can you protect your computer from all possible viruses and... Read More
Identity Theft Offline -- So Many Possibilities
Chris Simpson, head of Scotland Yard's computer crime unit was... Read More
Viruses and Worms, Protection from Disaster
Virus damage estimated at $55 billion in 2003. "SINGAPORE -... Read More
Protecting Your Children On The Internet
If you are a parent, as am I, I think... Read More
Internet Privacy
Over the past few years as the internet has become... Read More
Virus and Adware - Fix them Both!
We all get the odd virus now and then, but... Read More
How To Give Away Your Personal Information
Identity Theft and Your Personal Information Identity theft is... Read More
Are They Watching You Online?
When surfing the Internet you probably take your anonymity for... Read More
Make Money Online - Latest Scam Disclosed
Before we start, I want to make it clear that... Read More
Protecting Your Home Both Inside and Out
If you are a parent, you have probably wondered at... Read More
The Truth About Hiding Your Tracks on the Internet
Ok, ok, I know you've seen them. All those pop... Read More
Phishing - Learn To Identify It
Phishing: (fish'ing) (n.)This is when someone sends you an email... Read More
How To Avoid Hackers From Destroying Your Site?
Recently, my site and other internet accounts ( http://www.nabaza.com/sites.htm )... Read More
7 Ways to Spot a PayPal Scam E-Mail
Paypal is a great site and is used by many... Read More
Cybercriminals Trick: Targeted Trojan-Containing Emails
Threats we ordinary Web users face online leave us no... Read More
Firewall Protection - Does Your Firewall Do This?
The first thing people think about when defending their computers... Read More
Computer Viruses - How to Remove a Computer Virus from Your Computer
Computer viruses infect millions of computers every day. Viruses can... Read More
Do You Know What your Kids Are Doing Online?
It's a sad statistic, but hundreds of unsuspecting kids are... Read More
Money Mule Email Scam Hits U.S.
Imagine this ? you open up your email box and... Read More
Anti-Spyware Protection: Behind How-To Tips
There is no doubt that "how-to articles" have become a... Read More
The Important Steps To Protect Your Kids on the Internet
Internet is the ocean of knowledge. In this ocean you... Read More
Identity Theft - Dont Blame The Internet
Identity theft ? also known as ID theft, identity fraud... Read More
Top Ten Spyware and Adware Threats Identified
On December 8, 2004 Webroot, an award winning anti-spyware solution... Read More
Be Aware of Phishing Scams!
If you use emails actively in your communication, you must... Read More
Phishing and Pharming: Dangerous Scams
As soon as almost all computer users already got used... Read More
Wells Fargo Report Phishing Scam
First off I should explain what phishing is. Phishing is... Read More
Free Spyware Removal - Its Not As Easy As It Sounds
Nobody wants to pay to remove spyware. At the very... Read More
I Spy...Something Terribly Wrong (In Your Computer)
This really chapped my lips...I recently bought a new computer.... Read More
How Free Scripts Can Create Security Problems
With the Internet entering our lives in such an explosive... Read More
Secrets On Security: A Gentle Introduction To Cryptography
Let us take the example of scrambling an egg. First,... Read More
Spyware Symptoms
Spyware symptoms happen when your computer gets bogged down with... Read More
Free Ways to Tackle Threats to Your Computer
Protect Your PCHaving problems with your pc? Do your kids,... Read More
Another Fine Mess!
I'm in the Anti-Spyware business, and I'm doing a lot... Read More
Dont be a Dork ? Protect Yourself
There are folks out there who use their powers for... Read More
Protecting Your Identity On The Internet
Afraid that someone is monitoring your PC or installed a... Read More
Internet Security |