Data Security; Are Your Company Assets Really Secure?
Is your data secure? Think again. Securing data is unlike any other corporate asset, and is likely the biggest challenge your company faces today. You may not see it, but almost all of your company's information is in digital form somewhere in the system. These assets are critical because they describe everything about you; your products, customers, strategies, finances, and your future. They might be in a database, protected by data-center security controls, but more often than not, these assets reside on desktops, laptops, home computers, and more importantly in email or on some form of mobile computing device. We have been counting on our firewall to provide protection, but it has been estimated that at least fifty percent of any given organization's information is in email, traveling through the insecure cyberspace of the Internet.
Digital Assets are Unique
Digital assets are unlike any other asset your company has. Their value exceeds just about any other asset your company owns. In their integral state they are worth everything to your company; however, with a few "tweaks" of the bits they are reduced to garbage. They fill volumes in your data center, yet can be stolen on a keychain or captured in the air. Unlike any other asset, they can be taken tonight, and you will still have them tomorrow. They are being created every day, yet they are almost impossible to dispose of, and you can erase them and they are still there. How can you be sure that your assets are really safe?
Understanding Physical Security Architectures
Physical assets have been secured for thousands of years, teaching us some important lessons. An effective security architecture uses three basic security control areas. Let's assume you want to create a secure home for your family; what would you do? Most of us started with the basics; doors, windows, locks, and perhaps a fence. Second, we rely on insurance, police protection, and we may have even purchased an attack dog or a personal firearm. Given these controls, you may have taken one more step to provide some type of alarm. Not trusting your ears to detect an intrusion, you might have installed door and window alarms, glass break sensors, or motion detection. You may have even joined the neighborhood watch program in your area. These are the controls everyone uses, and they are similar to the controls that have been used since the beginning of mankind.
Which is most important? Looking at the three categories of security controls used, the first consists of protective devices that keep people out; doors, windows, locks, and fences. Secondly, alarms notify us of a break-in. Finally we have a planned response control; the police, use of a firearm, or recovery through insurance. At first glance it may appear that the protective controls are the most important set of controls, but a closer look reveals that detection and response are actually more important. Consider your bank; every day the doors are open for business. This is true of just about every business, home, or transportation vehicle. Even the bank safe is generally open throughout the day. You can see it from the bank teller counter, but step over the line and you will find out how good their detection-response plan is.
Evaluating your Company's Approach
Now look at your digital assets; how are they protected? If you are like most organizations, your entire security strategy is built on protection controls. Almost every organization in America today has a firewall, but does not have the ability to detect and respond to unauthorized users. Here is a simple test; run a Spyware removal program on your system and see what comes up. In almost every case you will find software installed on your system that was not installed by an authorized user. In the past this has been an irritation; in the future, this will become the program that links uninvited guests to your data. Bruce Schneier, a well known security author and expert writes in his book, Secrets and Lies, "Most attacks and vulnerabilities are the result of bypassing prevention mechanisms". Threats are changing. The biggest threats likely to invade your systems will bypass traditional security measures. Phishing, spyware, remote access Trojans (RATS), and other malicious code attacks are not prevented by your firewall. Given this reality, a detection response strategy is essential.
It's time to review your security strategy. Start by asking three questions. First, which assets are critical to your business, where are they located, and who has access to them? Second, what threats exist? Determine who would want your data, how they might gain access, and where the possible weaknesses in your security architecture lie. Finally, how comfortable are you with your company's ability to detect and respond to unauthorized access. If someone wants access to your data, preventative measures alone won't stop them.
Begin planning a balanced security architecture. Start by adding detection controls to your prevention architecture. This does not mean simply adding intrusion prevention software (IPS), but rather creating a system to proactively monitor activity. Intruders make noise, just like in the physical world, and with proper event management, combined with zero-day defense technologies of IPS, network administrators can begin to understand what normal activity looks like and what anomalies might be signs of an attack. In a recent interview with Scott Paly, President and CEO of Global Data Guard, a Managed Services Security Provider (MSSP), Scott said, "Threats such as worms and new hacker techniques constantly morph, so the most viable model for optimum security is a blend of preventive and predictive controls based on analysis of network behavior over time". By balancing prevention, detection, and response, companies can defeat most of the latest hacker attempts.
David Stelzl, CISSP is the owner and founder of Stelzl Visionary Learning Concepts, Inc. providing keynotes, workshops, and professional coaching to technology resellers. David works with executive managers, sales people, and practice managers who are seeking to become market leaders in technology areas that include Information Security, Managed Services, Storage and Systems solutions, and Networking. Contact us at info@stelzl.us or visit http://www.stelzl.us to find out more.
|
|
|
|
|
|
|
|
Its War I Tell You!
There are ways to insure security though. You can get... Read More
Viruses, Trojans, and Spyware - Oh My!
Have you ever had to call Symantec or McAfee to... Read More
Spyware Programs Are Out To Get You!
The average computer is packed with hidden software that can... Read More
Are They Watching You Online?
When surfing the Internet you probably take your anonymity for... Read More
Backup and Save your business!
There you are busily typing away on your PC or... Read More
Computer Viruses and Other Nasties: How to Protect Your Computer from These Invaders
Can you protect your computer from all possible viruses and... Read More
Is the Internet Insecure Because of You?
Long gone are the days that we could feel secure... Read More
Make Money Online - Defend Against The Latest Scam
First, let's do a little recap'. As I stated in... Read More
Crack The Code - Thats A Direct Challenge
I Challenge You To Crack The Code ------------------------------------- I had... Read More
Types Of Computer Infections
Computer infections can be broken up into 4 main categories... Read More
Ransom Trojan Uses Cryptography for Malicious Purpose
Every day millions of people go online to find information,... Read More
Are You Surfing Safe?
Ok, you've got a computer, and you get online. You... Read More
8 Surefire Ways to Spot an E-Mail Identity Theft Scam!
The E-Mail Identity Theft Scam is running Rampant. These E-Mail... Read More
A Personal Experience with Identity Theft
Some months ago, before there was much publicity regarding phishing... Read More
Mall Protection
The Loss Prevention Manager should be receptive to the needs... Read More
Securing Your Accounts With Well-Crafted Passwords
In the past I've never really paid much attention to... Read More
Firewalls: What They Are And Why You MUST Have One!
A firewall is a system or gateway that prevents unauthorized... Read More
Five Excellent Indie Encryption And Security Solutions You Have Not Heard About
Geek SuperheroGeek Superhero watches your computer for changes, immediately notifying... Read More
Can I Guess Your Password?
We all know that it's dangerous to use the same... Read More
If You Sell Anything Online Your ePockets Are Being Picked
You and I are a lot alike. We are both... Read More
Everything You Need To Know About Spyware and Malware
You are at your computer, checking out software on EBay.... Read More
The 5 Critical Steps to Protecting Your Computer on the Internet
Spyware, viruses and worms... oh my!If you are connected to... Read More
The Truth About Hiding Your Tracks on the Internet
Ok, ok, I know you've seen them. All those pop... Read More
Criminals are Fishing For Your Identity
What is Phishing? In a typical Phishing attack, a criminal... Read More
New Mass Mailing Spamming Internet Trojan for the Windows Platform
May. 16th 2005 - MicroWorld has reported the discovery of... Read More
Traditional Antivirus Programs Useless Against New Unidentified Viruses!
Every now and then you can read about a new... Read More
From Spyware with Love!
It's late. You've been scouring the web for that perfect... Read More
3 Things You Must Know About Spyware
1)Spyware is on your system. Like it or not, statistically... Read More
Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking
Airport Menace: The Wireless Peeping Tom As a network... Read More
Network Security 101
As more people are logging onto the Internet everyday, Network... Read More
Firewall Protection - Does Your Firewall Do This?
The first thing people think about when defending their computers... Read More
HackAttack
P C. owners are constantly at risk from attacks by... Read More
The One Critical Piece Of Free Software Thats Been Overlooked
Can You Prevent Spyware, Worms, Trojans, Viruses, ... To Work... Read More
New Mass Mailing Spamming Internet Trojan for the Windows Platform
May. 16th 2005 - MicroWorld has reported the discovery of... Read More
How To Prevent Spyware Attacking Your Computer
Spyware is software or hardware installed on a computer without... Read More
Why Corporations Need to Worry About Phishing
Phishing is a relatively new form of online fraud that... Read More
Spy Scanners ? Don?t Compromise your Privacy
Spies, spyware, internet parasites are among what they are usually... Read More
What is Hacking? Are You a Hacker?
WHAT IS HACKING?Hacking, sometimes known as "computer crime" has only... Read More
The Never Ending Spyware Story
It's been with us since 1993, it's gotten more intrusive,... Read More
6 Ways To Prevent Identity Theft
These six ways to prevent identity theft offer you valuable... Read More
What Every Internet Marketer Should Know About Spyware
If you run any type of Internet business, Adware and... Read More
Dont Get Hacked - A Guide to Protecting Your Business from Thieves
You've seen it in the news - 40 million credit... Read More
Is Your Email Private? Part 1 of 3
In a word, no - an email message has always... Read More
Mail Forwarding - Why Would You Do It?
First of all we need to get some terms stated.... Read More
Make Money Online - Latest Scam Disclosed
Before we start, I want to make it clear that... Read More
How To Clean the Spies In Your Computer?
Manual Spy Bot Removal > BookedSpaceBookedSpace is an Internet Explorer... Read More
Protecting Your Children On The Internet
If you are a parent, as am I, I think... Read More
Mall Protection
The Loss Prevention Manager should be receptive to the needs... Read More
Phishing: A Scary Way of Life
The Federal Bureau of Investigation has identified "phishing" as the... Read More
Top Five Online Scams
The top five online scams on the Internet hit nearly... Read More
Social Engineering - The Real E-Terrorism?
One evening, during the graveyard shift, an AOL technical support... Read More
Network Security 101
As more people are logging onto the Internet everyday, Network... Read More
The One Critical Piece Of Free Software Thats Been Overlooked
Can You Prevent Spyware, Worms, Trojans, Viruses, ... To Work... Read More
The 5 Critical Steps to Protecting Your Computer on the Internet
Spyware, viruses and worms... oh my!If you are connected to... Read More
Cyber Crooks Go Phishing
"Phishing," the latest craze among online evil-doers, has nothing to... Read More
The Bad Guys Are Phishing For Your Personal Information
Do you know what "phishing" is?No, it doesn't mean you... Read More
Web Conferencing Readers - So What Do We Do with the PAYPAL SPAMMER
From: "Paypal Security" Subject: New Security Requirements Date: Tue, 26... Read More
Cybercriminals Trick: Targeted Trojan-Containing Emails
Threats we ordinary Web users face online leave us no... Read More
Why Malicious Programs Spread So Quickly?
It seems that nowadays cybercriminals prefer cash to fun. That... Read More
A Basic Introduction To Spyware
Spyware is the most troublesome software to appear on the... Read More
The Attack of the Advertiser - Spy Mother Spy
The menacing campaigns that drive the corporate spyware and adware... Read More
3 Steps to Ending Scams and Virus Problems
Watching how the traditional media covers the latest virus or... Read More
Are You Surfing Safe?
Ok, you've got a computer, and you get online. You... Read More
With the Rise of Internet Crimes, Users are Turning to High-Tech ?PI?s? for Solutions
High-tech private investigators are becoming the answer for many Internet... Read More
Avoid Internet Theft, Fraud and Phishing
Since its birth, the Internet has grown and expanded to... Read More
Password Security and Safety
There is nothing more important that password security in world... Read More
Internet Security |