In this Knowledge Based Global E-conomy, intruders continuously scan communication ports in order to steal, damage or otherwise render information unusable. ISMS ISO/IEC 27002 sets the stage to manage the fundamentals for effective security of information, and ISMS Auditing ISO/IEC 27001 sets the stage for the assessment of Information Security Management Systems. The number of intruders is ever increasing with the value and accessibility of information and the proliferation of technology.

Intrusions do not necessarily or exclusively come from the outside; the threat also exists internally (more than 50% happen from within the firewalls). Studies performed by special groups and law enforcement indicate that intrusions happen at an alarming rate from within the VPN / firewall of your organization.

    Case in point: as early as 1983 (and historically going back to the 60's), an IT professional planted a bug in a well-known telecommunication company in the South USA. This bug was designed to render the organization's data and traffic base useless. The triggering mechanism for this bug was the absence of this IT professional's pay check/payroll. It did indeed happen, and the organization operated blind for approximately 3 weeks, with effects for 6 months.

While the major incidents hit the headlines, most go unreported. This implies that the problem is far worse than reporting indicates; at times incidents are kept quiet in the interest of not letting shareholders, users, and customers know.

The number and frequency of attacks have increased steadily since as early as 1998. Not only software platforms are being penetrated and attacked, but firmware as well, which brings us back to our 1983 attack, where even hardware components and peripherals were rendered useless.

The challenge does not rest with intruders (internal or external) alone. As technology advances, budgets for security protection get cut or rationalized to the point that they are not commensurate with the risk. This is a challenge that CIOs and IT professionals face continuously.

We herein provide some advice for reducing the risk of malicious intrusion:

  • Admitting that your company is vulnerable comes first.
  • Evaluate the risk and inform management, in layman's terms, what it means.
  • Develop a plan for advancement based on a robust and agile managerial system, focusing on prevention while implementing a detection scheme, to continuously assess progress in reducing risk.
  • Keep up to date on the discontinuance of technology and on trends.
  • Provide the resources for the IT staff to stay on top of the latest issues relevant to viruses, attacks and methods. This includes keeping in touch with your IT service and product providers, and downloading patches frequently.
  • Hire external sources to periodically assist in your endeavour.

A network, and a management system, is only as robust as its weakest link. Security solutions are effective until the next hole is plugged. As the old adage for backups goes... organizations are divided into two types: those that keep backups and those that will lose data. In the world of network and security... those that have been attacked and those that will be attacked...

 

 

 
