


Integrity - use of values or principles to guide action in the situation at hand.

Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.

The dangers of reactive security, 13.12.04


How to be proactive about security, according to Computer Associates Executive Security Advisor Diana Kelley in an Infosecurity New York conference presentation last week:

Step 1: Understand business and technology requirements

What is your business trying to do? What technology do you need? Are you geographically distributed?

Step 2: Understand the constraints

Think legacy systems, processes and policies. Mainframes, client/server applications, DOS-based applications. What is of value to your business? What's the cost of loss?

Step 3: Select the right technology

Technology is about getting business done. Build detailed requests for proposal based on the above requirements. Know what you need before you talk to a vendor.

Step 4: Build a plan

Based on the above information, create an action plan. Inventory and assign value to the assets and protect them around business needs. Buy-in from all interested parties is important.

Step 5: Test and train

Systems, applications and people have a tricky way of behaving in production environments. Before rollout, ensure that the solution works within a relational context. Untrained users are one of the biggest vulnerability vectors. Get sign-off. Consider 'human' ways to engage the entire organization in the security process.

Step 6: Implement

Roll out new solutions and processes into production. Communicate changes clearly to affected parties. Manage and monitor effectiveness of the solutions. Use reporting and metrics as proof points.

[And what were the dangers?]

"Reactive security is like the little Dutch boy plugging holes in a leaking dike," said [...] Kelley. "Eventually you're going to run out of fingers."

Essentially, reactive security fails to protect, fails to respond in time, doesn't meet compliance regulations and is an example of overspending while under-protecting assets, Kelley said.






"We shall need compromises in the days ahead, to be sure. But these will be, or should be, compromises of issues, not principles. We can compromise our political positions, but not ourselves. We can resolve the clash of interests without conceding our ideals. And even the necessity for the right kind of compromise does not eliminate the need for those idealists and reformers who keep our compromises moving ahead, who prevent all political situations from meeting the description supplied by Shaw: 'smirched with compromise, rotted with opportunism, mildewed by expedience, stretched out of shape with wirepulling and putrefied with permeation.'
Compromise need not mean cowardice. .."

John Fitzgerald Kennedy, "Profiles in Courage"

