[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] infosecMag, 6.4.03: Lessons of War - Security is all about windows of opportunity
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
Noch ein dehype in einem Kommentar des Infosecurity Magazine: Das Horn der
Cybergefahren würde nur von interessierten Herstellern geblasen,
wahrscheinlich dagegen sei nur "cybernuisance". Ein karriereinteressierter
CSO habe jetzt gute Chancen, sich sein Budget erhöhen zu lassen, wenn er
das Gefahrenlied mitsänge.
-------------------------------------
http://www.infosecuritymag.com/2003/apr/note.shtml
April 2003
Lessons of War
Security is all about windows of opportunity.
BY Andrew Briney
A lot of vendors are using the war in Iraq as a platform to trumpet the
threat of cyberterror (or cyberwar, or whatever they call it). Sorry to be
a party pooper, but this is a convenient excuse to convince you to buy new
stuff, whether you need it or not.
I won't discount the possibility of a cyberwar component to Gulf War II.
But it's far more likely that the impact will be along the lines of
"cybernuisance." A couple of viruses, some Web defacements, maybe a DoS or
two. Nothing you can't handle or aren't already prepared for.
War has a unifying effect on people. Like everyone else, your managers
have a need to "do something." The risk is that, lacking your guidance and
input, they'll throw money at stuff you don't really need. Meanwhile,
you'll have missed your opportunity to shore up one of the most-often
overlooked areas of infosecurity: business continuity planning.
Media protection, storage, backup. The CISO of a Fortune 500 firm recently
told me that his data ops guy, in a cost-cutting maneuver, has been
overwriting backup tapes 200 times instead of the manufacturer-prescribed
20. The CISO is now using the war and the continued threat of physical and
biological terrorism to convince his higher-ups that this is not exactly
an area they should be skimping on.
DR and physical security.A recent Gartner Dataquest survey shows that only
about half of all organizations have a crisis management team. When's the
last time you did a structured walk-through test with department managers?
When's the last time you audited the physical security of your data
centers? When did you last check the fine print in your DR reciprocal
agreement? What are you waiting for?
The human element.Employees are the last line of defense in most security
matters. If you haven't already, send out an all-company bulletin from
someone high up in management about the importance of facility access
control and simple security awareness. Reinforce the importance of
preventing "piggybacking" or "tailgating" into secure areas. Religiously
enforce package delivery policies--when, where, who. Tell employees it's
OK to ask, "Who are you?" or "Can I help you?" Ounce of prevention and all
that. Also, probably not the best time for your CIRT team leader or
response staff to go on vacation.
Monitoring and scanning. It won't hurt to set your IDS alert threshold
down a notch or two. What may have been a low-priority alert 1,000 times
before may now be the start of something real and serious. Of course, your
patience level for false positives will also need to increase, as will
your effort to verify that they are, after all, false.
If you're still not convinced, keep the following story in mind. After
Sept. 11, most companies took a hard look at their security program, both
digital and physical. In one case, the CEO of a company told the CSO that
he wanted personal bodyguards. The CSO told him, in effect, that that was
silly and unnecessary.
A couple weeks later, the CSO was demoted--not because he didn't support
the bodyguard idea, but because he didn't respond to the CEO's need to "do
something" in the wake of the terrorist attacks. True story.
Security is all about windows of opportunity. Our adversaries live by this
rule. So should we. The best time to ask for more budget is right after
you've been hacked. And the best time to shore up your business continuity
plan and security awareness program is when the threat of discontinuity is
most visible. Whether that threat ever materializes is inconsequential.
---------------------------------------------------------------
Liste verlassen:
Mail an infowar -
de-request -!
- infopeace -
de mit "unsubscribe" im Text.