Security as a Process

IT security is no longer an event or part-time assignment for corporate and government organizations. It has become a continuous process every second of every day, from both the technology and management perspectives. Most executives of small companies are unaware that their corporate firewall is probed hundreds of times a day by automated attack tools. Financial services and government firewalls are often probed tens of thousands of times every day.

These attack tools ” many are available for free through the Internet ” can be deployed with a few mouse clicks against millions of systems. Once they find an unprotected or poorly protected system, the tools record IP (Internet Protocol) addresses and other information useful to hackers and crackers in exploiting the system or network for valuable data. Hackers may also turn the system into a denial-of- service (DoS) zombie to flood targeted systems with millions of messages and impair their ability to process and transmit legitimate information.

A strong security process contains several layers of operational functionality, including:

• External and internal access control points such as firewalls

• Strong user authentication for access and downloading

• Audit logging user network, system and information access

• Data encryption processes are applied where possible

• Using trusted partners for data exchange purposes

• Immediate installation of currently available software patches

• Training of internal and external users about password controls and unauthorized information access

• Physical security for equipment rooms, software backups and hardcopy documents

• Management policies for unauthorized usage, management monitoring and user privacy expectations

• A root cause analysis process for determining what happened when unexpected events occur

• A secure and comprehensive information and service recovery plan that can be immediately triggered should a disaster occur

• Management escalation chains so that small problems are contained quickly, and larger problems get resources assigned quickly

These layers build upon each other in redundant and incremental ways to create a fabric of security. For example, a strong authentication policy can prevent unknown users from gaining access to networks and systems. Known users can log in and perform their work with an audit trail about what they did and when they did it. Data are only accepted from trusted external sources to prevent contamination of databases with visibly corrupt ” or worse , semi-valid ” information.