workable strategy effective security policies

Managing growTh in enTerprises: securiTy
The Best Defense With technology and threats evolving, network managers must collaborate with business managers to craft effective security policies.
GIVEN THE CORPORATE ATTENTION paid to enterprise risk management these days, it’s hardly surprising that network security is becoming a high priority for IT executives. In a recent survey examining the views of technology managers for the 2007 Business Continuity Study, 56% of the respondents rated cybersecurity as a top or important concern. Network security is serious business for senior managers as well. But with corporate IT budgets expected to increase only 3% next year, IT managers will probably need to continue to operate with tight security budgets. Therefore, security-conscious CIOs must work in tandem with business associates to deploy robust—yet affordable—systems that safeguard corporate networks from intruders. Such a proactive approach involves maintaining New technologies and exible work environments raise security risks. an arsenal of powerful security tools. But experts say that network firewalls and access controls, which re- strict system access to only authorized individuals, constitute merely the first line of defense. “Constructing internal firewall restrictions making this decision, CIOs will get the best results by listening to what business managers have to offer. After all, a locked-down net- based on security best practices and usability is key,” says Jacques Erasmus, director of malware research at Prevx, an antivirus soft- work may be crucial, but if a security plan is not consistent with the goals of a company, it is destined to be ignored. ware publisher. “Once this has been done and audited for resilience, you can move on to the next stage.” CORBIS For many companies the next step involves figuring out who should—and should not—have access to its network. When Solid Solutions To avoid problems, IT managers must actively engage line managers and operational executives when crafting plans for network
security. Getting basic IT approaches approved by senior managers can be reasonably simple. But finding support for more involved or more time-consuming plans requires a bit more time, effort and cooperation. Many companies, for example, still do not have programs establishing key roles and responsibilities for IT personnel. Likewise, only a small number of corporations have standardized pro- active monitoring, remediation or response procedures that address immediate security threats. “Companies simply do not have the foundation in place,” says Alex Zappani, director of information assurance for IT solutions provider AMERICAN SYSTEMS. Now is a good time to start pouring the concrete. Emerging technologies, such as wireless networking (third-generation cellular systems and WiFi), mobile devices (smartphones, PDAs and laptops) and portable storage devices (USB memory sticks and media players), are exposing companies to new security threats. More flexible work arrangements, including telecommuting and global outsourcing, are also raising the need for more stringent standards. Coping with this welter of security challenges requires a steadfast commitment to IT security all along the corporate line. While stories about the difficulty of getting management buy-in are legion Management must work with employees to develop and understand the importance of security in the network. in the IT universe, it’s hard to understate the importance of lining up allies when developing a security plan. “There are management “Management has to acknowledge that security is important to the organization from a brand, reputation and operational stand- solutions to technical problems,” Zappani points out. “But there are no technical solutions to management problems.” point,” says Jeffrey Camiel, director of technology risk management at Jefferson Wells International, a professional services firm. A Workable Strategy The first step toward developing a workable strategy, experts say, is to show stakeholders what might happen if a network is breached. “Without that commitment, security will never get embedded in the culture.” proTecT Those asseTs Enlisting support from senior decisionmakers, therefore, requires hard numbers. Here again, IT managers get the best results when they work with business managers. Together, they should identify iT heads worry about network security.* the business assets that are most valuable to a company’s operations. Then they need to estimate what the impact on those assets would ASIA IMAGES GROUP/VEER • 33% say major breach could put them out of business • 70% say major breach could seriously damage brand • Average cost of data leakage >$1.82 million * Survey of ,408 corporate It decISIon-makerS. more than one reSponSe poSSIble per queStIon. Source: mcafee and datamonItor, “datagate: the next InevItable corporate dISaSter?,” July 007 be if they were compromised and, of course, the cost of repairing the damage. Consultants advise clients to quantify the expense of recovering data, as well as the potential financial hit to a company’s image that may result from lost or stolen information. That number, they note, should include potential regulatory fines and legal fees.
According to Steven Gordon, a professor of information technology management at Babson College, armed with those figures “the case down business applications on them, while others are installing arcade games. While well-intentioned, an outright ban may actu- for being proactive will almost always be overwhelming.” ally decrease a worker’s productivity. To strike the right balance, consultants advise corporate clients to include periodic awareness training as part of an overarching network secu- Security is important to the organization from a brand, reputation rity program. “That will help increase employee awareness of the dangers of nonstandard tech- and operational standpoint. nology,” notes Zappani. Indeed, Doug Jacobson, director of Iowa State University’s Center for We Have Met the Enemy The good news is that employees who champion the cause of network security are performing a huge service for shareholders. Information Protection, believes that management must coach workers to be on guard for any potential threat to corporate networks. “All employees need to be aware of their role in protecting whatever the company considers to be important,” he says. “The reality is, you can’t expect your employees to guard A corporate network and its contents are assets, and protecting assets is one the prime responsibilities of officers and directors. things they don’t know they should guard.” Better yet, establishing companywide security practices enables a business to exploit innovative technologies—rather than be exploited by them. Indeed, setting up a comprehensive network security program gives a company a leg up over less-enlightened Which one do you regard as the most significant threat? And second most significant? Third?** competitors. As any line manager will attest, you can’t sell if the computers are down.
Of course, no IT security plan will work if employees are left out of the loop. Managers at some businesses have crafted policies that cover how and in what context computers and software can be used. Putting together such guidelines requires forethought and a skilled touch. The goal is to achieve maximum security without 20 impinging on employee performance. As many companies have discovered, that can be a real balanc- 0 Viruses and worms 74% Remote workers 17% ing act. Barring so-called rogue technologies, for example, would seem like a no-brainer. USB memory sticks and media players, Hackers SPAM 45% 37% Denial of service attacks Competitor espionage 15% 9% which double as portable hard drives, can introduce malware into enterprise systems or to copy-protected data. But many employ- Internal sabotage 30% Terrorist attacks 8% ees rely on such devices to back up work files or transport data between home and office. As thumb drives become more capa- An internal accident Customer, partner, 29% 22% Other Don’t know/none 3% 7% and/or vendor access to internal systems cious—and less costly (a 4GB memory stick can be purchased for less than $40)—employees are discovering all sorts of clever uses. **Totals to more than 100% due to multiple responses. Some are using them as portable hard drives or running stripped-
In cities, towns and remote locations, mini satellite dishes point attentively to the Southern sky. Emblazoned with names like DirecTv, ExpressVu, DirecWay, Web Conferencing, iNetVu, Linkstar, XM Satellite Radio, Sirius Satellite Radio iDirect their numbers are growing at an amazing rate. Iridium Satellite Phone is the only provider of truly global satellite voice and data solutions with complete coverage of the earth (including oceans, airways and Polar Regions). Get the latest buzz on Free satellite tv systems - including the features and benefits that make them today's ultimate television viewing experience.(Get Dish) Ever wonder why these satellite dish systems are in such great demand? Does high speed internet service or digital television programming via satellite intrigue you?
If you've never heard of Cheap VoIP, get ready to change the way you think about long-distance phone calls. VoIP, or Voice over Internet Protocol, is a method for taking analog audio signals and turning them into digital data (IP packets) that can be transmitted over the Internet.