Wednesday 08 September, 2010


IT Security & Risk



Protecting your privacy has never been more important. Here's what you can do.

In a world where data communications are constantly changing, internet connections are becoming less expensive and software is developing rapidly, security is becoming a bigger issue than ever. Nowadays, security is not optional – it is a requirement. This is due to the fact that global computing is fundamentally insecure. When an employee sends an email across the internet to an employee in another company, it must go through many different points on the way. This gives other internet users a chance to intercept, or even modify, the data.

 



"Men just want to fix things," so they say. While not all decision makers are men, it does seem that in the Information Security world we are in a rush to get a solution. Management in general is not good at ensuring that it is solving the real problem, does not often enough justify the expenditure through a business case which relates annual exposure to annual cost of control, and is usually satisfied with a single solution rather than several different layers of control.

 



PART 3 – BEST PRACTICES

This high level guide provides a road map for creating an effective enterprise data loss prevention program. It outlines the necessary steps for managing data usage from initial risk assessment and planning to data classification and policy architecture to deployment and maintenance of automated loss prevention tools. The guide incorporates earthwave’s internal methodology to deliver not only a comprehensive technical solution, but also a best-of-breed enterprise data loss prevention model.

 



PART 5 - POST DEPLOYMENT

Selected carefully, one Data Loss Prevention (DLP) solution can meet multiple control objectives and multiple business needs. A robust DLP solution spans applications, network channels, and physical devices, including all the usage and transfer modes discussed in the previous section. This complete coverage is necessary for true visibility into how data is being transferred and, when organisations are ready to begin blocking, allows accurate enforcement at all loss points.

 



PART 4 – PRODUCT SELECTION

There is no doubt that if your organization has intellectual property to protect or falls within one of the breach disclosure laws then you should be seriously considering a Data Loss Prevention (DLP) solution. DLP is by far one of the most important security innovations in a long time, as the industry shifts focus from protecting the perimeter to the data itself. But before you fall for a product vendor's sales pitch about how easy it is to deploy their product and get a handle on your data, there are a few lessons to be learned from previously burned customers.

 



PART 1 – DEMYSTIFYING DATA LOSS PREVENTION

Is ignorance bliss? Not when it comes to data loss. Every organization has lost sensitive data; most just don’t know which data, where, when, or how. But regulatory requirements for public notification of losses will mean Australian organisations will gain visibility the hard way—in the headlines. And bad news travels fast.

 



PART 2 – INDUSTRY CASE STUDIES

Though external threats and attacks remain a major concern for CIOs and CSOs, loss of the company’s most valued data often is the result of insider actions. Some of these actions are intentional and malicious, but the larger percentage is accidental and unintended, the result of employees’ ignorance about data protection policies or their willingness to skirt policies in order to work more productively.

 



We use software to manage malicious content in the same way we have airbags in our cars. We hope that we will never have to use it, but that if we do, it will work to save our lives. The real threat is that we don't manage our software as well as our cars, we rarely, if ever, test it, and we drive on roads that are not suited to us. So then, does our software provide us with any real protection? Do we need to look beyond the feelings of security our products may engender?

 



Mobile devices are not new – the first PalmPilot was created more than a decade ago. Managing the security issues related to mobile devices is also not a new problem – the first publicly disclosed vulnerabilities in Palm OS happened in 2000, with Windows CE and Symbian following soon thereafter. The first proof-of-concept virus for a mobile phone was demonstrated in 2004.

What is new is the level of penetration of mobile devices into the corporate workplace.

 



In this day and age, businesses are finding it hard to remain competitive. With the advent of the now ubiquitous superstores seemingly on every street corner, that task seems even harder.

So let's say a business is looking at putting in a new computer system. Maybe a new high-speed wireless network to replace its old one? Or perhaps upgrade the existing mail server? One would expect that computer standards, either defined or de facto, would be of great help to make these solutions come together and work seamlessly.

 



"Unless you are certain you will never have an information security incident or IT security breach, you need an incident response plan."

10 second CEO summary: A good Incident Response Plan should reduce the cost of incidents and increase the speed of recovery.  Ask your CIO if they have a formal Incident Response Plan, and when it was last tested.  If they don't have a plan, and if it hasn't been either used or tested in the past six months, you could be spending more on security incidents than you should.

 
