Final Words

When it comes to security, roles and responsibilities must be clearly defined. Because every company has a different support structure, these roles and responsibilities will vary (even for parallel divisions) between companies. The important part is that the roles are defined in writing and that each person on staff knows what he or she is expected to do.

When you put your staff's security roles in writing, it should become obvious when you have some areas, like firewall procedures, for which no one is taking responsibility. Had Global Chips taken that one step, Joseph and Carl could have spent less time reacting to break-ins. The situation at Global Chips was especially frustrating, because this simple oversight put their network into the sights of a persistent (and persistently annoying) hacker.

No network should ever be held hostage by a hacker. Of course, that is exactly what happened in the case of CloudNine Communications. After a sustained denial-of-service attack, one of the oldest ISPs in Britain closed its doors and handed off its customers to a competitor. Perhaps the saddest part of this tale is that the perpetrator has yet to be found. That is something to think about when you're considering whether that upgrade to your firewall is really worth the cost.

The whole point of a firewall is to keep out hackers. But the firewall has to be just one brick in a well-designed security structure. Left alone, without the support provided by clear roles and responsibilities, effective policies and procedures, and good maintenance, it won't stay standing very long.



IT Security: Risking the Corporation
ISBN: 013101112X
EAN: 2147483647
Year: 2003
Pages: 73
