
Tuesday, January 02, 2007

US: INTERESTING COMMENTS ON SECURITY FROM ITTOOLBOX BLOG SITE
Looking for guidance for a career in IT Security - ITtoolbox Groups:

"Re: Looking for guidance for a career in IT Security"
Posted by Ron Solecki on 1/1/2007 9:08:00 PM


1) Security at OS level
2) Security at network level.



IT Security is based on three aspects:
Integrity
Availability
Confidentiality


Those 5 items are a start; briefly, here are some more areas to
consider when talking about information security:

3) People: they cause the security vulnerabilities and they take
advantage of the security vulnerabilities and other people.

4) Application: the network and OS support the application; if the app
is not designed securely, then it will bleed out confidential
information to anyone who asks (over the secure network and OS).

5) Physical: even if everything else is done correctly, if you have
your server located under the receptionist's desk at the front door,
anyone can walk in, unplug it and walk out with your secure OS and
application containing all of your data.

6) Policy & Procedure (& Enforcement): if everything else is
secured, if there is no policy saying people can and can't do certain
things, then data is going to leak. For example:
- letting people run their own insecure 'home' business on corporate
computers opens the corporate data to leaks
- letting people take unencrypted data off site means it can be lost
- letting people make unapproved changes to the computing environment (OS,
network, Apps...) can open up security vulnerabilities
- A few years ago the Royal Bank (of Canada) had 2-3 days of ATM
down time because one person skipped just one step in the approved
go-live procedure, causing a network failure.

Sure, you can specialize in any one of these areas, but that has
already been done to a certain extent. Yes, more can be done at the
individual level, but one area that is not well covered yet is the
overall management of information. Someone must be knowledgeable and in
place to ensure that everyone at the bottom is doing their jobs
correctly, all of the time. It only takes one little slip for data to
leak.
