Protective Security Measures


Implementing protective security measures begins with the employees. As discussed earlier, the largest threat to information security originates from internal sources. Implementing hardware and software security measures will do little to secure the infrastructure if the internal threats remain.

Education Programs

It is necessary to educate the employees of the organization. An approach to educating the employees is through a stepped education model. This model is comprised of several steps of education and training.

The first step is usually designed as a broad stroke to capture and articulate the purposes and strategy behind securing information. It should include basic techniques that all users should abide by and the repercussions for failures in compliance. At the conclusion of this training, it is advisable to have employees sign user agreements that specify acceptable and unacceptable computer use and prohibited activities.

The second step is usually tailored toward the functional perspective. This training should cover the function-specific and department-specific security actions that employees must take to minimize security threats.

Other training should be designed to educate the information security officers within each department and the network operations personnel. The network operations personnel should be trained continuously on information security strategies that are up to date on the current threats and vulnerabilities.

Security Officer Appointments

A chief information security officer (CISO) should be appointed who is responsible for designing and monitoring the information assurance strategy of the firm. It is recommended that this officer not be the designated chief information officer or information management officer to avoid conflicts of interest. The CISO should report to the chief executive or director of the organization.

The Security Enclave

A security enclave is comprised of the infrastructure components within a firm that are protected by security mechanisms. The security mechanisms protect the enclave from electronic intrusions as well as from physical intrusions by unauthorized entities.

Physical intrusions can be guarded against with security guards and doorway control mechanisms such as locks, and by placing computer operation centers that store data records in areas that are not easily accessed by windows or doorways in plain view.

Employing a combination of hardware and software mechanisms can protect against electronic intrusions. These security mechanisms must be planned in detail to work effectively. Since implementing all the components of a security mechanism is costly and complex, it is advisable to implement the measures in a stepped progression. Measures that address the broadest spectrum of vulnerabilities are usually the most effective means of securing the infrastructure. Examples of such a broad stroke include antivirus programs and firewalls. These measures are typically the foundational steps in building the enclave. Once they have been effectively implemented, further steps can be taken to fortify the enclave, such as installing access control mechanisms, intrusion detection systems, and so forth.

The brief descriptions below explain the major components of a security enclave.

Antivirus Protection Software

Antivirus protection software represents the bare minimum of every security enclave. Antivirus software is usually installed on every client computer. The antivirus signature files must be updated on a regular basis for the software to work effectively.

Software Management Servers

Software management servers (SMS) serve the purpose of pushing operating system software updates to client computers located on the network. The operating system software must be kept up to date to limit the vulnerabilities that are discovered on a continuous basis by the manufacturers. When update patches are available from the manufacturer, the SMS can push these updates to each machine, ensuring that the latest version of the operating system is utilized.

Firewalls

Firewalls are security mechanisms that grant or prevent access to internal resources requested from outside the security enclave, such as from the Internet. Firewalls are similar to the gangplank of a ship. Users that hold the requisite authorization to access resources inside the enclave are granted access. Users that do not have the requisite authorization are denied access to the resources inside the enclave. Firewalls come in two forms, which are often used in conjunction with one another. One form of firewall is an actual piece of computer hardware. The other form is software based. Firewalls can also be configured on individual client machines. This type of firewall is ideal for users that work remotely outside the firm's security enclave.

Access Control Mechanisms

Access control mechanisms serve the purpose of requiring users to present credentials before being granted access to information resources inside the security enclave. The access control mechanism is usually comprised of a server loaded with an access control application. The access control mechanism is often transparent to users. Typically, users are issued credentials based on user role groups. Access control can also be configured to require authentication during each session, usually in the form of a username and password combination. Users who present a valid username and password combination are granted access to the requested resources. Access control mechanisms are effective in deterring data theft from unauthorized internal and external threats.

Intrusion Detection Systems

Intrusion detection systems (IDS) are extremely effective when regularly monitored and configured properly. The inner workings of intrusion detection systems are highly guarded and should be held in strict confidence. Most IDS record all transactions within the security enclave and requests from outside the enclave. Trend analysis is performed on the transaction logs to identify inconsistencies and/or irregular activities and transactions. Additional scrutiny is placed on network transactions from outside the security enclave. Intrusion detection systems are effective in deterring data theft from unauthorized internal and external threats.

Encryption Mechanisms

Encryption mechanisms serve to protect data during transmission. Encryption applications must be installed and configured on both the sending and receiving computer. During a data transmission, the sending computer encrypts the data before transmitting. Upon receipt of the encrypted data, the receiving computer decrypts the data. Encryption mechanisms are based on numerous proprietary algorithms. The more complex the algorithm, the more secure the data transmission; however, the performance of the computer will degrade with an increase in algorithmic complexity. Encryption mechanisms are effective against packet sniffing outside the security enclave.

Network Disconnect Devices

Network disconnect devices are mechanisms that immediately disconnect telecommunications between the security enclave and the external environment. In the event of an intrusion or denial-of-service attack, telecommunications can be disconnected immediately without causing serious damage to the network systems inside the enclave. Network disconnect devices have the same effect as physically unplugging telecommunications or powering down computer equipment, but without causing serious damage and data loss. Network disconnect devices are usually comprised of both hardware and software in a single unit. The disconnect command is usually activated manually or by threshold signals from intrusion detection systems. While the security enclave is disconnected, the organization cannot communicate outside the enclave, but the disconnection enables the security professionals to diagnose and possibly resolve the vulnerability to defend against the threat before reconnecting telecommunications.
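
The following is an added example, not taken from the book, that models how IDS trend analysis over a transaction log can raise the threshold signal that trips a disconnect device, with manual activation as the second path. The log fields, the window, the extra weight for outside requests, and the threshold value are assumptions chosen for illustration, and the sample log is constructed.

```python
from collections import deque
from dataclasses import dataclass

# Assumed tuning values for illustration; not taken from the book.
WINDOW_SECONDS = 60        # trend window over the transaction log
OUTSIDE_WEIGHT = 3         # extra scrutiny for requests from outside the enclave
DISCONNECT_THRESHOLD = 10  # weighted denied-request score that trips the device

@dataclass(frozen=True)
class Transaction:
    ts: int        # seconds since start of the log
    source: str    # requesting host
    origin: str    # "inside" or "outside" the enclave
    allowed: bool  # access control decision recorded by the IDS

class DisconnectController:
    """Hypothetical model of a disconnect device driven by IDS signals."""
    def __init__(self):
        self.connected = True
        self.reason = None
        self._denied = deque()  # (ts, weight) of denied requests in the window

    def manual_disconnect(self, operator):
        self.connected, self.reason = False, f"manual:{operator}"

    def observe(self, tx):
        """Feed one log record; return the weighted score for the window."""
        if not tx.allowed:
            weight = OUTSIDE_WEIGHT if tx.origin == "outside" else 1
            self._denied.append((tx.ts, weight))
        while self._denied and self._denied[0][0] <= tx.ts - WINDOW_SECONDS:
            self._denied.popleft()  # drop records older than the window
        score = sum(w for _, w in self._denied)
        if self.connected and score >= DISCONNECT_THRESHOLD:
            self.connected, self.reason = False, f"threshold:{score}@{tx.ts}s"
        return score

def replay(log):
    ctl = DisconnectController()
    for tx in log:
        ctl.observe(tx)
    return ctl

# Constructed sample log: inside traffic, then denied requests from outside.
SAMPLE_LOG = (
    [Transaction(t, "10.0.0.5", "inside", True) for t in (0, 5, 9)]
    + [Transaction(12, "10.0.0.7", "inside", False)]
    + [Transaction(20 + 5 * i, "203.0.113.9", "outside", False) for i in range(4)]
)
```

Once tripped, the controller stays disconnected and keeps the first reason, which mirrors the text: the enclave remains isolated until staff have diagnosed the event and chosen to reconnect.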




Information Technology Security. Advice from Experts
ISBN: 1591402484
EAN: N/A
Year: 2004
Pages: 113
