linking INTEGRITY
Integrity - use of values or principles to guide action in the situation at hand.
Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.

The dangers of reactive security, 13.12.04
SearchSecurity.com
How to be proactive about security, according to Computer Associates Executive Security Advisor Diana Kelley in a presentation at the Infosecurity New York conference last week:
Step 1: Understand business and technology requirements
Step 2: Understand the constraints
Think legacy systems, processes and policies. Mainframes, client/server applications, DOS-based applications. What is of value to your business? What's the cost of loss?
Step 3: Select the right technology
Technology is about getting business done. Build detailed requests for proposal based on the above requirements. Know what you need before you talk to a vendor.
Step 4: Build a plan
Based on the above information, create an action plan. Inventory and assign value to the assets and protect them around business needs. Buy-in from all interested parties is important.
Step 5: Test and train
Systems, applications and people have a tricky way of behaving in production environments. Before rollout, ensure that the solution works within a relational context. Untrained users are one of the biggest vulnerability vectors. Get sign-off. Consider 'human' ways to engage the entire organization in the security process.
Step 6: Implement
Roll out new solutions and processes into production. Communicate changes clearly to affected parties. Manage and monitor effectiveness of the solutions. Use reporting and metrics as proof points.
[And what were the dangers?]
"Reactive security is like the little Dutch boy plugging holes in a leaking dike," said [...] Kelley. "Eventually you're going to run out of fingers."
Essentially, reactive security fails to protect, fails to respond in time, doesn't meet compliance regulations and is an example of overspending while under-protecting assets, Kelley said.