Securing Your Information in 2011, Part 1
As 2010 draws to a close, a new year is dawning. However, a new year brings with it new challenges in information technology, especially with regard to security. Carl Herberger, Vice President of Information and Security Compliance Services at Evolve IP, recently presented a Web Forum for IMF members in which he discussed several key information security activities for 2011. In this three-part series, we will take a look at these activities in a little more detail.
1. Revisit Your Malware Defense
Issue: The repercussions of a malware attack on your networks, key business applications, phone, or email systems could be catastrophic.
Considerations: a) Has an IT penetration analysis been conducted to test your platforms; b) have incident detection methods been implemented and evaluated for effectiveness?
2. Monitor Social Networking and Web 2.0
Issue: To recognize the risks, we must understand the attributes of social media: no predefined structure in content or delivery; no bona fides verification checks for participants; fast and flowing information with little to no technical security.
Common Web 2.0 Vulnerabilities: Cross site scripting (XSS), injection flaws, phishing, information leakage, malware insertion.
3. Re-architect the Security Perimeter
Issue: Perimeter security architecture is proving inadequate for numerous threats and vulnerabilities including, most notably, regulatory compliance to protected data loss.
Considerations: a) Has your architecture been reviewed for adequacy, efficiency, and extensibility; b) is there a robust vendor management technology compliance program in use; c) what is being done to increase awareness of social engineering attacks?
Look for part 2 next week, which includes incident response and securing your mobile devices. We wish all of our members and their families a Happy Thanksgiving.