Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[] infosecMag, 6.4.03: Lessons of War - Security is all about windows of opportunity,
Noch ein dehype in einem Kommentar des Infosecurity Magazine: Das Horn der 
Cybergefahren würde nur von interessierten Herstellern geblasen, 
wahrscheinlich dagegen sei nur "cybernuisance". Ein karriereinteressierter 
CSO habe jetzt gute Chancen, sich sein Budget erhöhen zu lassen, wenn er 
das Gefahrenlied mitsänge.

April 2003
Lessons of War
Security is all about windows of opportunity.
BY Andrew Briney
A lot of vendors are using the war in Iraq as a platform to trumpet the 
threat of cyberterror (or cyberwar, or whatever they call it). Sorry to be 
a party pooper, but this is a convenient excuse to convince you to buy new 
stuff, whether you need it or not.

I won't discount the possibility of a cyberwar component to Gulf War II. 
But it's far more likely that the impact will be along the lines of 
"cybernuisance." A couple of viruses, some Web defacements, maybe a DoS or 
two. Nothing you can't handle or aren't already prepared for.

War has a unifying effect on people. Like everyone else, your managers 
have a need to "do something." The risk is that, lacking your guidance and 
input, they'll throw money at stuff you don't really need. Meanwhile, 
you'll have missed your opportunity to shore up one of the most-often 
overlooked areas of infosecurity: business continuity planning. 

Media protection, storage, backup. The CISO of a Fortune 500 firm recently 
told me that his data ops guy, in a cost-cutting maneuver, has been 
overwriting backup tapes 200 times instead of the manufacturer-prescribed 
20. The CISO is now using the war and the continued threat of physical and 
biological terrorism to convince his higher-ups that this is not exactly 
an area they should be skimping on.
DR and physical security.A recent Gartner Dataquest survey shows that only 
about half of all organizations have a crisis management team. When's the 
last time you did a structured walk-through test with department managers? 
When's the last time you audited the physical security of your data 
centers? When did you last check the fine print in your DR reciprocal 
agreement? What are you waiting for?
The human element.Employees are the last line of defense in most security 
matters. If you haven't already, send out an all-company bulletin from 
someone high up in management about the importance of facility access 
control and simple security awareness. Reinforce the importance of 
preventing "piggybacking" or "tailgating" into secure areas. Religiously 
enforce package delivery policies--when, where, who. Tell employees it's 
OK to ask, "Who are you?" or "Can I help you?" Ounce of prevention and all 
that. Also, probably not the best time for your CIRT team leader or 
response staff to go on vacation.
Monitoring and scanning. It won't hurt to set your IDS alert threshold 
down a notch or two. What may have been a low-priority alert 1,000 times 
before may now be the start of something real and serious. Of course, your 
patience level for false positives will also need to increase, as will 
your effort to verify that they are, after all, false.
If you're still not convinced, keep the following story in mind. After 
Sept. 11, most companies took a hard look at their security program, both 
digital and physical. In one case, the CEO of a company told the CSO that 
he wanted personal bodyguards. The CSO told him, in effect, that that was 
silly and unnecessary. 

A couple weeks later, the CSO was demoted--not because he didn't support 
the bodyguard idea, but because he didn't respond to the CEO's need to "do 
something" in the wake of the terrorist attacks. True story.

Security is all about windows of opportunity. Our adversaries live by this 
rule. So should we. The best time to ask for more budget is right after 
you've been hacked. And the best time to shore up your business continuity 
plan and security awareness program is when the threat of discontinuity is 
most visible. Whether that threat ever materializes is inconsequential. 

Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.