Talking Out Loud with ASB

Views on Life, Technology and Everything, by ASB (aka Logik!)...

Andrew S. Baker (ASB)

Maintaining Good Security Practices

Security is not just a state of being.

We are often called to provide an assessment about our present security posture, and usually, the person asking the question is doing so within a very narrow context – one that they may or may not have shared with you.

Answering such a question is difficult at best.

Imagine walking up to your doctor and asking, “Doc, am I healthy?”

If your doctor can answer that without examining you, then one of the following might be true of you and your doctor:

  • you simply have an awesome doctor
  • your doctor has known you for a long time, and maintains a close relationship with you
  • your doctor is pulling your leg

Similarly, in order to be able to have any reasonable gauge concerning your organization’s total security posture (physical and information), you need to have a good, ongoing relationship with your network and its configuration, and an understanding of the current security threats.

If you know one part of the equation, but not the other, you cannot reasonably conclude anything about your security posture.

As I have stated previously, adhering to regulatory compliance does not always translate to increased security, because the work done for compliance purposes is sometimes very narrowly targeted, and not performed in an ongoing manner.

You need to employ tools to constantly assess the state of your network, servers and applications.

You need to implement policies and procedures that allow your employees, partners, and customers to operate within your environment in a manner that is deemed safe.

You need to evaluate current threats, and understand the methodologies that are being used, to determine whether there are any architectural weaknesses in your organization’s network or operations that need to be shored up, in addition to software.

Finally, you need to educate your users, partners and business leaders about information security practices and threats, and work with them to develop practices that will reduce risk, without undermining productivity.

Being protected against yesterday’s attacks is smart, but it doesn’t make you safe, unless you are also keeping an eye out for today’s and tomorrow’s attacks, and adjusting your strategies to deal with them.

In case you hadn’t noticed, attacks against corporations – many of which have the resources to do better than you do – have risen.  And don’t think that your network will be spared.  The bad guys will simply package up their techniques into scripts that can be deployed by anyone who points them in your general direction – whether or not they know who you are.

The moment you become lax with security is the moment you can become a statistic, and you don’t want to make headlines, or be a part of headlines like these:

And these were all published within the last week of March 2011...

Posted: Thursday, March 31, 2011 5:59 AM by Logik!

About Logik!

Andrew S. Baker aka ASB aka Logik!

Andrew S. Baker is a business-savvy, hands-on IT leader with expertise in mentoring people, mitigating risk, and integrating technology to drive innovation and maximize business results. He creates competitive advantage for organizations through effective IT leadership: implementation of processes and controls, and architecture of robust business solutions.

Mr. Baker has successfully led a number of high-performance technology teams in designing, deploying and maintaining secure, cost-effective computing environments for well-known companies, including Warner Music Group, The Princeton Review, Bear Stearns, About.com, and Lewco Securities.

For over a decade, Andrew has exhibited thought leadership on technology and business topics via mailing lists, technical forums, blogs, and professional networking groups, along with contributions to podcasts, webinars, and over 20 technical/business magazine articles. He also serves on several boards and committees for non-profit organizations, and within the Seventh-day Adventist church.

His personal interests include Astronomy, Basketball, Bible Study, Chess, Comics, Computers, Family Life Ministries, Reading, Strategy/Role Playing games, and Professional Networking...

A summary of Andrew's current résumé is available here, and he can be reached on a variety of social and professional networks, including LinkedIn, Facebook and Twitter.