Network security review Archives - Foster Institute

Executives say their challenge is fighting viruses

Mike Foster — Thu, 03 Dec 2009 04:00:15 +0000

Before every IT Vital Systems Review, I always ask the executives what their challenges are. On a recent survey the CEO answered “fighting viruses.” That’s because it isn’t the executive’s job to fight viruses—that is the job of their IT professionals. It is the executive’s responsibility to protect the assets of the company, employees and clients.

The IT professionals can use tools like anti-virus, firewalls, application and OS patches, etc. Many IT professionals are not using the tools as effectively as they could, and frequently aren’t using them at all on one or more computers. None of the tools are “set and forget”—all of them have to be monitored.

I feel the executive’s real challenge is, “I don’t know how to help my IT professional fight viruses.”

Responsible executives:

Provide enough uninterrupted time for the IT professionals so the IT professionals can get their work done.
Allow ongoing training for the IT professionals to keep up with ever changing technology.
Hold the IT department accountable for fixing issues discovered during an audit.
Provide managerial support for policies that support security—such as forcing computer screen savers to lock after a period of inactivity.

The post Executives say their challenge is fighting viruses appeared first on Foster Institute.

Executives say IT security helps them sleep better

Mike Foster — Thu, 26 Nov 2009 04:00:37 +0000

Before every IT Vital Systems Review, I always ask the executives what having the audit will mean to them. The majority of the responses say something like, “I will sleep better at night.” The one I received today says “security provides peace of mind.”

That sounds like a good way to sum up things like “help protect the company from lawsuits, adhere to regulations, provide job security for employees, and protect our customer’s best interests.” Lots of people sleep better at night.

The post Executives say IT security helps them sleep better appeared first on Foster Institute.

Are You Prepared for an IT Security Breach?

Mike Foster — Sun, 14 Oct 2007 15:55:57 +0000

In 2006, the FBI partnered with 313 companies who agreed to be in a study about IT security. The companies came from various sectors, such as medical, education, transportation, manufacturing, and many more. Combined, these companies lost over $52 million due to various types of security breaches, including viruses, theft of proprietary information, network abuse, and data sabotage. That’s $167,000 plus per company! You certainly don’t want to be part of that loss.

The FBI asked these 313 companies why they believe more companies don’t report their security losses. Well, 48 percent of the companies in the study said that negative publicity would hurt their stock or image. Another 36 percent said their competitors could use the information to their advantage. I’m sure you could think of many more reasons.

So the costs of IT security breaches are real and devastating to many companies. But realize that there’s power in knowledge. That’s why you need to know what your potential losses are. Only then can you take the proper steps to protect your company.

To that end, I recommend that every company create a Security Incident Management Plan. In this plan you will write exactly how you will:

* Identify security incidents
* Contact law enforcement if appropriate
* Notify anyone whose personal information may have been exposed
* Protect and gather appropriate evidence
* Clean up the problems
* Put appropriate monitoring in place
* Identify lessons learned to better protect the system

Find out more information at:
www.csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf.

What are your thoughts on this topic?

The post Are You Prepared for an IT Security Breach? appeared first on Foster Institute.