| The cold war was political. It's over.
| |
| | assessment and plan is far less
|
| World War III is an economic war. It's
| |
| | expensive. According to David Bauer,
|
| here - it's now. Information is where the
| |
| | first vice president, chief information
|
| money is and theft is easy, safe, and
| |
| | security and privacy officer at Merrill
|
| lucrative. Eavesdropping and other high
| |
| | Lynch, a key component of any strategy is
|
| tech related crimes are difficult to
| |
| | a dynamic risk assessment. By using tools
|
| enforce and prove. Advancements in
| |
| | such as scanners, log analysis, risk
|
| electronics and optical electronics have
| |
| | metrics and asset inventory that produce
|
| made communications interception easy
| |
| | a biweekly security report you can more
|
| and cheap. Business ethics don't have the
| |
| | quickly analyze and prioritize current or
|
| same value as they did in the good old
| |
| | potential threats. This approach allows
|
| days of the "deck of punch cards"
| |
| | organizations to move from a
|
| computing.
| |
| | circle-the-wagons approach to intelligent
|
| IT and business security is becoming more
| |
| | risk management.
|
| and more critical in today's commercial
| |
| | With an intelligent risk management
|
| environment. Every day we are faced with
| |
| | solution the percentage of the IT budget
|
| new computer risks, viruses and new
| |
| | that needs to be spent on effective risk
|
| "ideas" from hackers on how to gain
| |
| | protection is actually far less than what
|
| access to our network or other systems
| |
| | your competitors will be forced to spend.
|
| or physical locations. Fortunately, there
| |
| | The answer is not about how much you
|
| are even more sophisticated business
| |
| | spend but how well you spend it. This way
|
| solutions out there that can be
| |
| | about half the spending is advisory,
|
| implemented to secure us from these
| |
| | helping build secure systems, while the
|
| dangers. These can be anything from
| |
| | rest goes toward risk management,
|
| simple firewalls up to very expensive
| |
| | prevention and response. For instance it
|
| encryption and biometric authentication
| |
| | is easy to get somebody's password, so
|
| solutions or remote communication
| |
| | the damage that can be done by an
|
| modules. These new business realities
| |
| | individual has to be as small as
|
| affect you as much as it does your
| |
| | possible. William Farrow, CIO at the
|
| competitor - no matter what your line of
| |
| | Chicago Board of Trade, told how a woman
|
| business. The question is how can you
| |
| | cleaning a conference room became
|
| protect your organization, no matter how
| |
| | suspicious of a laptop left running
|
| large or small, from the known and
| |
| | overnight. She reported it to security,
|
| unknown security dangers and risks to
| |
| | and it was later discovered that
|
| remain as competitive, and therefore
| |
| | someone had left the laptop running
|
| profitable as possible?
| |
| | port scanning software aimed at
|
| What about all the other business risks
| |
| | penetrating the corporate computer
|
| that are also getting more sophisticated?
| |
| | network. In this case even an employee at
|
| Have you considered all the risks that
| |
| | the lowest level of the corporate
|
| cannot he covered by technology? What
| |
| | structure was made aware of the potential
|
| about the human side of business? No
| |
| | damage that can be done to the
|
| business can function without the human
| |
| | organization with a security breach. In
|
| touch. Yet how do you know when that
| |
| | corporate or IT security, emotional
|
| necessary "human touch" is about to reach
| |
| | reactions, panic and legislation are
|
| out and touch you in the form of an
| |
| | counterproductive. But intelligent
|
| "insider" attack? Have you thought about
| |
| | approaches can safeguard your
|
| your employees behind the technology? How
| |
| | organization or business from an
|
| about social re-engineering forces or
| |
| | uncertain future and substantial
|
| disgruntled employees? When did you have
| |
| | financial losses.
|
| your last corporate risk assessment
| |
| | If you ask CEO's of large corporations,
|
| completed or even considered if ever?
| |
| | who have gotten even low-level employees
|
| As a person you are prepared for the
| |
| | to be savvy about security, you get
|
| unexpected: you face the unexpected
| |
| | advice on employee education: "Make it a
|
| several times a day without giving it a
| |
| | part of daily conversation in every
|
| second thought. You follow the rules of
| |
| | project meeting. Make it clear that every
|
| the road when you drive because you know
| |
| | project has responsibility for security.
|
| it is the right thing to do. You
| |
| | You have to make it part of day-to-day
|
| purchase insurance for yourself and
| |
| | operations." Adherence to clearly
|
| your car, carry health insurance and life
| |
| | defined security principles should be a
|
| insurance because you know it is the
| |
| | part of each employees contract. It is
|
| right thing to do for your family.
| |
| | also important to publicize employee
|
| Unfortunately, with many of the business
| |
| | caused security incidents internally, not
|
| risks of today there is no "red light,
| |
| | necessarily naming the employee who made
|
| green light" to tell us when to stop arid
| |
| | a mistake, but doing it in a way that
|
| when to go. But how can you say you are
| |
| | others learn from the error. Those
|
| sorry enough to your customers, when you
| |
| | organizations or businesses that have
|
| have to tell them some hacker has posted
| |
| | evolved a system of process improvement
|
| their credit card number on the hackers
| |
| | as a natural consequence of their
|
| web site? When it comes to your
| |
| | business demands are those
|
| organization or business, have you put
| |
| | organizations or businesses that will
|
| the same level of consideration into how
| |
| | excel and win the security wars.
|
| your employees and customers will
| |
| | The main key between companies that
|
| continue to rely on you should the
| |
| | have implemented a dynamic security
|
| unexpected happen?
| |
| | plan and those who have not is:
|
| If you're like the Senior Executive or
| |
| | preparation. Preparation requires a
|
| owner of most companies, the answer may
| |
| | focus on risk management,
|
| be a frightening "No, we have never had
| |
| | intelligence-driven identification,
|
| any comprehensive business risk
| |
| | prevention and response. A good
|
| assessment completed." Or worse yet,
| |
| | organizational or business security
|
| perhaps you have a false sense of
| |
| | strategy is built around these
|
| security in a plan that was developed
| |
| | principals: threat management,
|
| several years ago. With all we hear about
| |
| | including intelligence, planning and
|
| how high the price of security can be
| |
| | instant response; comprehensive
|
| these days you may find yourself saying,
| |
| | security services; attention to public
|
| "Investing in a security and privacy
| |
| | policy, including active attempts to
|
| solution is expensive; too expensive for
| |
| | educate legislators; and an agile
|
| our organization or business right now."
| |
| | response to the changing risk
|
| But can you afford to risk spending more
| |
| | environment. After all, as we have
|
| than 15, times the cost of preventing a
| |
| | learned, an intelligent security
|
| security breach or a communications
| |
| | response needs to be everyone's
|
| breakdown when the unforeseen does in
| |
| | responsibility and it is not always
|
| fact happen?
| |
| | limited to technology and IT security
|
| Proactively preparing your business
| |
| | that matters the most.
|
| with a comprehensive security
| |
| |
|