Posts Tagged ‘IT Security’

Take Advantage of a Tiered Network

December 15th, 2011

Advanced Persistent Threats are a challenge to any IT organization. Security’s rapidly changing landscape makes the problem that much more difficult. Brent Conran, CIO and CISO for the U.S. House of Representatives, gave a presentation on APT at The IMF Fall Sr. Executive Roundtable in Baltimore back in October. He spoke about security operations today and provided some countermeasures to combat these threats. Below is a brief excerpt from the presentation’s report on the advantages of tiering your organization’s network (Download the full IMF Report here):

“If your organization has a flat network you should really consider moving away from it. You constantly hear about the need to be agile these days. The reason a lot of companies are not agile is because they have these large flat networks. If you want to put a new piece of technology in you have to perform your risk evaluation process based on the entire network. If you tier your network (fig. 4 page 11) it allows you to look at stuff on the internal enclaves as a different risk model than perhaps something out in the DMZ. The House has tiered a lot of their networks now. They have made the decision to let people do a lot more in the middle or out in the DMZ but they are going to be extremely cautious about anything that enters those internal enclaves. The enclaves contain the payroll system, HR system, and Remedy among other things. They have found that utility architecture saved a lot of money because they are not building point solutions each time. If a new technology is introduced with a web tier, app tier, and data tier it can snap in pretty seamlessly because the infrastructure is already in place. In other words you are just integrating a new application as opposed to buying all of those components.

At this point your conversations will focus on needs and fees, not the cost of building a new point solution. This tiering system has helped the House of Representatives become more agile and benefit its members, staff, and constituents. They receive better information because when a new technology becomes available IT will let it go a lot easier. The House recently installed Skype but without that tiered network environment it probably would have never happened. With that tiered architecture they were able to push a lot of stuff further down into their enclaves, thus making it much easier to bring in Skype…”


Young IT Professionals Making Their Own Rules

December 14th, 2011

As a young professional myself, I find the results of Cisco’s study on Generation Y’s view on IT policies interesting. I’m sure they may cause CIOs and IT Managers to do a double-take as well. Seven out of ten employees admitted to breaking IT policies with varying regularity. They say their company’s social media policies are outdated. Why are they breaking those policies? Here are a few of the answers:

- 22% cite the need to access unauthorized programs and apps just to get their job done
- 18% admitted the policies are not enforced
- 18% don’t have the time to think about policies when they are working
- 16% said it’s not convenient
- 15% forget
- 14% do it when their bosses aren’t watching them

Now clearly young professionals should be responsible and abide by the rules. However, I think the problem here lies more at the other end of the spectrum, with management. Outdated policies, lack of enforcement, and probably inadequate education on the rules seem to be the major contributors. I don’t think we need babysitters by any means, but you have to have some kind of watchdog in place for enforcement purposes. Young people will push the boundaries for better or worse. In their eyes they are trying to be more efficient and there is no malicious intent. If you do not set standards they have no problem setting their own standard and riding that until someone says “no.”

Outdated policies are never a good thing but that is easy to understand because of IT’s rapidly changing landscape. Policies need to be reviewed on a regular basis. If you do not want these young professionals breaking the rules, perhaps give them some input in terms of what to include in the policy. Collaborate and make compromises to cut down on these issues. This also helps the 22% that said they need access to unauthorized programs and apps just to get their job done. I’m sure there are some sites they think they need access to but in truth they are not really necessary. On the other hand, how are they supposed to complete their work in a satisfactory manner if they do not have the proper tools at their disposal? Go ahead and give them the tools they need within reason and you will start to see these numbers drop.

Teaming Up to Fight Cyber-Terrorism

November 11th, 2011

Cyber-terrorism is growing at an exponential rate. These attack groups today are more sophisticated, disciplined, and organized than ever. They are well-funded and aggressive to boot. Attempts at stopping a majority of these attacks have proven futile, making the outlook bleak at best. Our best chance at taking down these cyber-criminals is a coordinated effort between the public and private sector. This team effort knows no boundaries either. It must be a global strike because these cyber-terrorists do not operate within a particular set of parameters. Exhibit A:

“On Wednesday, the FBI announced a massive investigation in conjunction with international law enforcement agencies, private industry, and nongovernment organizations, which led to the charging of seven Estonian and Russian citizens for a widespread click fraud scheme that had infected more than 4 million computers and netted the group more than $14 million.” Read Full Article

I encourage you to read the article because this is a perfect example of the collaboration and teamwork it requires to fight cyber-terrorists. “This is what happens when the good guys make it work,” says Phyllis Schneck, Chief Technology Officer for Public Sector at McAfee.