Security




IT Has The Cure For An Insecure Organisation!

Ensuring the security of an organisation’s physical and digital assets is a complex task! It can't be achieved merely by building high walls of concrete around critical assets or by installing the latest IT security tools, feel experts. Here are some solutions that can help businesses keep this problem at bay!

“Let us not look back in anger or forward in fear, but around in awareness.”
— James Thurber




Vandana Sharma
BenefIT Bureau



10   /   December 2009   /   BenefIT



During the normal course of events, the focus of most businesses is to manage day-to-day cash flows, increase market share, and so on. But there are times when this equilibrium gets disturbed; when some crack in the security system shakes the very foundations of an organisation—damaging its reputation, causing loss of data, assets or money. This leads to a battle of wits for business heads and CIOs (chief information officer), as most often they get caught unaware.

Rajat Agarwal, executive director, Bhorukha Aluminium, feels that businesses today are aware of the security threats; yet it’s just not a top priority, especially when the organisation is small. However, if a small company wants to grow big in the near future, it must train its team in the routine security norms and processes and put in place technologies, that aren't too expensive, to automate security procedures for data and resource protection, and related to authorised access, avers Ram Krishna Ghildiyal, technical head, Sanvei Overseas, an international IT-based surveillance company.

Sundar Ram, vice president, Technology Sales Consulting, Oracle Asia Pacific, seconds the thought and adds: “Every organisation today, needs to cope with the key issue of securing its data, inventory, human resource, etc, from security threats. Considering this, information security has become a necessity for both small as well as the big business units to secure itself from such threats.”

But to be on guard and identify vulnerabilities and threats; or to look for security breaches and simultaneously find tools and solutions to prevent any damage from happening—isn't easy! To help our readers, we turned to various organisations to understand the strategies that they have adopted to tackle this challenge. We also spoke to experts to understand more about the vulnerabilities and the IT solutions that are available.

“Information security has become a necessity for both small as well as the big business units to secure itself from such threats.”
Sundar Ram, vice president, Technology Sales Consulting, Oracle Asia Pacific

Security lapses may cost a fortune!
Here are a few instances where security breaches led to grave problems for organisations:
• The infamous stamp paper scam is a major case of a security lapse. “If state revenue departments—which are under constant video surveillance and have a highly trained security staff—could not prevent a class IV staff from taking out the stamp imprint, no amount of security and surveillance can be considered sufficient,” remarks Ghildiyal. This calls for an aware organisation and smart use of technologies to combat the threat.
• Soi shares more: “In June 2006, a security breach at HSBC’s offshore data-processing unit in Bangalore led to $425,000 being stolen from the accounts of the bank’s UK customers.”






     Security planning: the issues, and solutions


The security domain is infinitely vast and complex and requires considerable planning, says Ghildiyal. But the key issue here is that in small to mid-sized companies, security is still not given due importance and the top management do not accept it as a challenge that warrants a dedicated team of experts. Dhruv Soi, chair–OWASP (Open Web Application Security Project) India, agrees, “There is a sheer lack of security awareness in most Indian firms. The security budget is often just 5 to 10 per cent of the total IT expenditure. Internal reports are often vulnerable to manipulations. Improper/inadequate monitoring creates a big hole in security. Since organisations refrain from spending on regular third-party security audits, the real security position of the company is never clear to the top management. In scenarios like these, one infected system propagates the infection to all the systems connected into the organisational network,” he adds.

Agarwal seconds the thought and adds that security breakdowns are not easy to monitor unless regular investments are made in IT tools to secure different aspects of the organisation. “Having an outsourced IT department with clear KPIs (key performance indicators)—one of which should be to monitor data security—can help. Apart from this, a thorough cost-benefit analysis should be done before choosing the right combination of tools and technologies. Factors such as threat level, size of the organisation, budget, etc, should be factored in,” he adds.

“Security breakdowns are not easy to monitor unless regular investments are made in IT tools to secure different aspects of the organisation.”
Rajat Agarwal, executive director, Bhorukha Aluminium

Identifying vulnerabilities
Before we move on to exploring ways to deal with security-related challenges, it is important to identify and understand the security vulnerabilities that may exist/affect an organisation at any point. The following aspects may need attention:

• Sensitive data or information: Documents including confidential reports/credit card information are all prone to security attacks, either from within the organisation or from the outside world.

• Threats from within the organisation: Employees have been known to steal sensitive data from computers, laptops or over the network using USB drives. Unsecured confidential data can also be sent to the outside world, through e-mails. Without solutions to prevent data leakage, it is hard to control it, says Soi.

Apart from this, how a company treats its employees also plays a role, feels Milind Mody, CEO, eBrandz.com. He cites a scenario: “Companies that deal with their employees fairly, earn their respect. However, there are organisations that delay giving employees their dues after they leave; that may sometimes upset an exiting employee, who could then try to steal data or, in general, act against the interests of the company.” Mody suggests laying down clear policies and procedures to deal with such challenges.

• Threats via the Internet: Another threat is from viruses*, malware*, spyware* attacks, etc, which may damage, or result in the pilferage of organisational information.

* • A computer virus is a computer program that can copy itself and infect a computer.
• Malware is a type of software that can harm computers, such as computer viruses and spyware.
• Spyware is software that’s implanted into a computer system to gather information about a person or organisation, without their knowledge.

• Unsecured network access: Intruding on the organisational network and/or servers* by outsiders or by disgruntled employees to pilfer sensitive data can occur at any moment, says Mody.

*A server is a high-end/high-capacity computer that is required to run multi-user applications like organisational e-mail, data back-up, storage, etc.

• Critical/valuable physical assets: Physical theft of devices like the mouse, headphones, USB hard disk drives or even cash can be another problem that organisations confront frequently, in the absence of adequate security systems, adds Mody.

• Employee poaching: Another area where organisations may need to be watchful is from competitors or HR agencies on the look-out to poach good talent. To deal with this problem, Mody suggests: “If your company has a board line or EPABX (electronic private automatic branch exchange) system, make sure someone monitors incoming calls for external HR agencies trying to poach employees.” But he agrees that there have been cases where HR managers from competitive firms have actually stood outside a company’s premises to poach its employees. In such cases, it is difficult to do anything to prevent the practice.

• Irregular processes: Non-adherence to security policies is another vulnerability that a small and mid-sized company can face. Therefore, all companies however small they may be, must plan for a periodic security audit and must invest in automated systems rather than people driven systems.
to be watchful is from competitors or HR agencies on






     Management-level solutions


Deploying security tools is important, but, prior to that, having an organisational culture where both the management and employees are aware of the correct security policies and practices, is equally critical. Experts suggest having the following practices to help organisations be better prepared for this challenge:

Plans and policies to counter security breaches
A company should have a security policy and a security plan, to begin with, opines Ghildiyal. “A security policy must define a company's information and other assets, its security needs, roles and responsibilities, the rights of employees, and so on. A security plan on the other hand may describe the procedures, tools and technologies that are required to implement the security plan,” he adds. In fact, a security plan can also include the anomalies, special rights and data and asset recovery procedures to reduce the impact of a security lapse.

Employment agreements must be in tandem with security policies
Mody feels that it is always good to clearly define the terms and conditions/policies related to proprietary or confidential data in the employment agreements. “Also if an employee is working on projects for which the company has signed an NDA (non disclosure agreement), it should make sure that the employee also signs a similar agreement. Clearly mentioning a few examples of what is considered as corporate data theft, makes the agreement more well-defined. Get this agreement vetted by an attorney. This is a one time cost, but it has three advantages. First it makes sure that you have fulfilled your responsibility. Second it deters people from committing unethical deeds and makes them think before they unwittingly create a security breach. And the third advantage is, you can pursue the matter in court in situations where a serious security threat has been committed against the company, by an employee.”

“It is always good to clearly define the terms and conditions/policies related to proprietary or confidential data in the employment agreements.”
Milind Mody, CEO, eBrandz.com

Plan security as per the nature of the business
Planning for organisational security is another important task that depends primarily upon the nature of a business. Ghildiyal agrees and says: “For knowledge-based companies that have Internet dependent processes, information is the most valuable asset. Such firms must consider information security technologies or solutions, like firewalls*, antivirus* or identity authentication systems*, etc. Similarly, companies that have large public assets must invest on surveillance technologies like video surveillance, threat detection, etc.” However, some technologies like, antivirus, biometric* access and identity management are uniformly applicable to all the companies as they provide the building blocks for security process implementation, he adds.

* • A firewall is a software tool that enables IT managers to block unauthorised access even while allowing authorised communications.
• Antivirus software can be used to make Internet access secure and prevent the computer network of the organisation from getting affected by viruses like malware, spyware, etc.
• Identity authentication systems or devices help authenticate or verify the identity of a person or other entity requesting access under security constraints.
• Biometrics is a technique used to recognise humans based upon one or more physical or behavioural traits, like fingerprints, face recognition, DNA, hand and palm geometry, iris recognition, voice, etc.

Avoid complex policies
It is one thing to lay down policies and procedures, and it is quite another to implement those successfully. One key deterrent in policy adherence is the complexity of policies and procedures, believes Ghildiyal. He explains: “For example, most companies implement a ‘password aging’ policy, which demands all employees and customers to change their computer and/or Internet login passwords every three months. As the number of such systems increases, it becomes more of a hassle for employees and then they start using easily breakable dictionary passwords* that are not only easy to remember but can be uniformly applied at all places that require a password prior to access. Thus a theoretically sound system of ‘password aging’ actually creates a security hole in the system.” So it is best to adopt workable policies that are simple and effective to implement and adhere to, in the long run.

*Dictionary passwords are simple or easily predictable variations of words used as login passwords.

Train your staff
Nearly 80 per cent of security breaches occur due to weak IT security systems. More than lack of security products to deal with this challenge, the problems are caused by inadequately skilled or less-aware staff. Soi suggests conducting training programmes for IT staff to empower them to tackle security breaches, effectively. He says: “Security awareness training for end-users (like, people in accounts, HR, administration departments, etc) and training for IT/security staff is required, from time-to-time, to equip them with the knowledge to protect themselves and the organisation from security threats.” Agarwal suggests having regular seminars to discuss issues related to security.

“Security awareness training for end-users (like, people in accounts, HR, etc) and IT/ security staff is required, to equip them with the knowledge to protect themselves and the organisation from security threats.”
Dhruv Soi, chair–OWASP (Open Web Application Security Project) India

Better safe than sorry
Agarwal feels that it is better to limit the use of e-mails and the Internet to only those who really require it. Also, he advises that the IT managers should always monitor out-going attachments, as and when possible. Soi agrees and adds: “Regular log monitoring of servers, applications and network devices is required to keep an eye on employee behaviour, and also to take preventive actions.”






It’s Advantage, Unified Threat Management Solutions!

With vulnerabilities in the digital world rising by the minute, keeping organisation networks safe is becoming an acutely challenging task. Wadpack, a manufacturer of corrugated packaging material, opted for a comprehensive threat management solution that has been acting as a shield against the security menace.

Bangalore-based Wadpack is one of the pioneers in manufacturing corrugated fibre board containers. The company is quite tech savvy and is always on the look out for new concepts and technologies in the packaging industry.

Wadpack, which uses ESS’s ERP ebizframe from its multiple locations, wanted to ensure secured connectivity between branches. “Ensuring the security of data transacted through the ERP system was quite critical for Wadpack, along with linking its various locations. After a careful analysis we opted for the Watchguard unified threat management (UTM)* solution, suggested by ESS, to secure our virtual private network or VPN,” says Sankaran Narayanan, finance controller, Wadpack. The solution was implemented by ESS with the help of Medley Marketing, New Delhi, one of the key Watchguard Secure Partners in India (WSP).

At Wadpack, ESS also manages the entire IT requirements in addition to managing its ERP system. “Since the Wadpack management wanted to focus on growth, profitability and operational efficiency, it decided to leave the task of efficiently managing the IT function, including IT infrastructure security, to ESS,” says Narayanan.

*[A UTM is an all inclusive security system that can perform multiple security functions. It can function as an all-in-one security tool—acting as a firewall, antivirus, anti-spam solution, VPN security tool, content filtering tool, and a lot more. To know more about a VPN, refer to the box.]

“Since the Wadpack management wanted to focus on growth, profitability and operational efficiency, it decided to leave the task of efficiently managing the IT function, including IT infrastructure security, to ESS.”
Sankaran Narayanan, finance controller, Wadpack

Easy to manage, and economical
The major benefit of a UTM is that so many necessary functions are combined into one solution. This saves businesses time, money and hassles, affirms Anil Bakht, managing director, ESS.

“Maintaining network security can often become complex and confusing, but when all security features are combined into one system, it is easy to see how all the functions are integrated and how they work together. Also, because it is coming from a single vendor, training and support for the entire system also comes from a single vendor. A single window solution helps reduce the hassles associated with managing multi-vendor security systems,” he suggests.

IT’s a networked world
Most organisations work in networked environments these days where all computers are connected, not only in one office, but across branches. This becomes an organisation’s virtual private network or VPN. Apart from this, these machines that’re connected over a VPN also connect with computers in the outside world or public network through the Internet. Organisational networks are vulnerable to attacks as precious data traverses from one end to the other. This can leave a company’s operational resources, customer data, proprietary tools and technologies, and intellectual capital in danger of being stolen, misused, or vandalised by third parties.





 Technology tools that may help


Business units today have begun to look around for solutions that can help them protect their software applications, like ERP, CRM, etc, and also their IT and data infrastructure, observes Ram.

Now, let us take note of a few IT tools that can help businesses to pro-actively deal with this challenge:

Identity authentication tools
It is not possible to validate or authenticate the identity of all staff members or customers, manually, every time they attempt to access organisational information. This is because small firms operate with less resources, and manual authentication may lead to transaction processing delays.

To address this problem, companies can opt for tools like biometric devices, which can validate the identity of an employee, by validating physical traits, like fingerprints, vein patterns, etc and automate the process of allowing information or network access to only authorised staff or customers, suggests Ghildiyal. Agarwal seconds the thought and suggests: “This is a great option if you want to add an extra layer of security to certain areas such as server rooms, electrical control panels, etc.”

Mody however feels that while biometric devices are quite relevant for businesses like jewellery shops that have precious assets, for a company with more than 100 employees, such devices can be a real problem if used at the entrance gate. He explains the flip side: “You will have a long queue of employees while coming in or going out of the organisation premises, either at the start of the day or at lunch time. There is a school of thought that claims that biometric devices help prevent the buddy system that involved the problem of proxy attendance. But I would advise keeping biometric devices only at places where companies store their sensitive information, which could be their server room or where the accounts or sales team sits. The selective application of such devices can still be made. Otherwise biometric devices cost two or three times more than RFID* (radio frequency identification) card-based systems, which are also a viable alternative.”

*RFID tags refer to small electronic devices that are made up of a small chip and an antenna. The device can carry approximately 2,000 bytes of data. And, just as information can be retrieved or read from bar codes or magnetic strips via a scanner or bar-code reader, RFID devices also require a scanner to retrieve the information stored in them.

Information security tools
Companies that have online systems or processes and depend on data and information assets, must consider information security technologies like firewalls, antivirus software, information authentication, encryption* tools, etc.

*Encryption is the process of converting information given in plaintext into an unreadable format, which can be decoded by a person possessing a special key/password to convert the coded text into plain text again.

Mody shares details about solutions that his company, eBrandz has adopted. “I personally feel that if an organisation has more than 25 PCs then antivirus are useless without a hardware firewall. Besides, most firewalls have the antivirus component built into it. So you do not need to invest separately on the antivirus.”

Not spending on such intrusion prevention systems (like, firewalls) makes mission critical systems and information vulnerable to new attack variants, warns Soi. Agarwal agrees and adds: “This works really well to control and more importantly monitor the kind of information your employees have access to and also what they are doing with it (saving, e-mailing, copying to USB drives, sending to
        Companies that have large public                                        competitors, etc).”
        assets must invest on surveillance                                          Many a time organisations resort to using

        technologies like video surveillance,                                   pirated software to avoid investing in buying
                                                                                original software. Soi cautions that use of
        threat detection, etc.”                                                 pirated software brings spyware to the system
         Ram Krishna Ghildiyal,        technical head, Sanvei Overseas          without the knowledge of user, putting the
                                                                                organisation information at risk.





Tools to safeguard physical assets
Many organisations assign laptops to their workforce to enable them to keep in touch with the firm from anywhere, anytime. In such a scenario, the security of the laptops, which invariably carry crucial work-related information, is vital.

Organisations can have encryption software installed on all the desktops and laptops to avoid the risk of data theft in case a computer is stolen/misplaced, suggests Soi. There are two types of encryption tools. One type is used to encrypt files, digital documents or e-mails that an organisation sends out to people, within or outside the organisation, over the Internet. The other type of encryption tool is used to convert the data on the hard drive of a computer into an unreadable format, in such a way that it can’t be made readable again unless a password is entered. This tool is useful to prevent data loss in the event of theft or the loss of a laptop.

An RFID (radio frequency identification) asset tracking system is another solution, which can help in safeguarding assets like laptops, or any other expensive devices. The RFID tracking system keeps track of assets whether placed within the bounds of the organisation or even when anyone moves out of the company gates.

The way the RFID tracker works for laptops
RFID, a combination of radio-frequency-based and microchip technology, helps in identifying an asset. For tracking, an active RFID tag of 1.5” (3.8 cm) to 0.765” (1.9 cm) is embedded into the laptop.
The RFID reader has both the laptop's ID as well as the employee's tag ID associated with it. Each time a person passes through the main door/entrance gate where the reader is installed, the tag in the laptop transmits the information stored in it to the RFID reader. Interestingly, the presence as well as movement of a laptop is picked up from a distance of over 30 feet (9.1 meter). The ability to detect a laptop even if it is placed in a moving car enhances this system further.

Tools for network security
To ensure organisational network security*, a firm can disable the use of USB drives on PCs/laptops, advises Mody. “Apart from this, have your network configured in such a way that data of different departments are stored at different places. And, then allow access only to authorised people. Some common data can be stored centrally but in this case there is a need to have different levels of access rights.

“Access to Web servers* also needs to be restricted only to a few select individuals. If an organisation uses Internet-based applications like SaaS (software-as-a-service)-based ERP etc, make sure all such applications are protected through some specific Internet-based restrictions.”

Soi explains how network access protection tools work: “A network access control system prevents access to organisational networks unless the connected computer complies with a set of standards.”

* An organisation network comprises the local area network comprising a group of computers within the organisation premises or across its different branches connected to each other for the purpose of communication; the other type is a wide area network through which the organisation communicates with the world outside, over the Internet.
* A Web server is a computer program that fetches content in the form of information, data, images, etc, from the Web pages available over the Internet and delivers it via a Web browser (like Internet Explorer, Firefox, etc).

Surveillance tools
Have CCTV (closed-circuit TV) cameras across the entire premises to monitor physical threats (external/internal). The devices not only enable real-time monitoring but also keep records for future reference, says Soi. Mody agrees and says that CCTV cameras are also a must for any organisation that has more than 25 to 30 employees. “This will deter people from stealing devices or cash. In serious cases, it might help the police track down culprits,” he adds.

Agarwal feels that having CCTV cameras is a good option for firms that are into manufacturing and need to monitor labour movement and behaviour. “Firms can also have CCTV cameras to monitor strategic locations,” he observes. Currently, these devices are slightly expensive, but the cost is decreasing rapidly.



Considering the kind of threats that security vulnerabilities expose an organisation to, it would be wise for firms to first look within, for any existing or probable security loopholes, and then around them to devise strategies and deploy tools to address security gaps. Most importantly, firms should create a culture of monitoring and observing safe practices to safeguard organisational assets.
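The RFID laptop tracker described above pairs each laptop tag with an employee tag at the gate reader; the sketch below is an added illustration (not code from the article or from any RFID vendor) of how such a pairing can flag a laptop that leaves without its assigned carrier. The tag IDs, the `LAP-`/`EMP-` naming, the log format and the 10-second pairing window are assumptions, and the sample reads are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed registry: laptop tag -> employee tag allowed to carry it (constructed IDs).
ASSIGNMENTS = {
    "LAP-0001": "EMP-1001",
    "LAP-0002": "EMP-1002",
    "LAP-0003": "EMP-1003",
}

# Assumption: tags read at the same gate within this window crossed it together.
PAIRING_WINDOW = timedelta(seconds=10)

# Constructed sample of gate reads: timestamp, gate, tag, direction.
SAMPLE_LOG = """\
2009-12-01T08:58:00 main-gate EMP-1002 in
2009-12-01T08:58:01 main-gate LAP-0002 in
2009-12-01T18:00:02 main-gate EMP-1001 out
2009-12-01T18:00:04 main-gate LAP-0001 out
2009-12-01T18:05:10 main-gate EMP-1003 out
2009-12-01T18:05:12 main-gate LAP-0002 out
2009-12-01T19:30:00 car-gate LAP-0003 out
2009-12-01T19:45:00 main-gate LAP-0099 out
"""


@dataclass(frozen=True)
class TagRead:
    when: datetime
    gate: str
    tag_id: str
    direction: str  # "in" or "out"


def parse_read(line):
    """Parse one 'timestamp gate tag direction' line of the assumed log format."""
    ts, gate, tag_id, direction = line.split()
    return TagRead(datetime.fromisoformat(ts), gate, tag_id, direction)


def check_exits(reads, assignments=ASSIGNMENTS, window=PAIRING_WINDOW):
    """Return (laptop_tag, gate, reason) alerts for suspicious laptop exits.

    A laptop 'out' read is accepted only when the employee tag assigned to it
    was also read going out of the same gate within `window` of the laptop read.
    """
    reads = sorted(reads, key=lambda r: r.when)
    alerts = []
    for read in reads:
        if read.direction != "out" or not read.tag_id.startswith("LAP-"):
            continue  # only laptops leaving the premises are checked
        owner = assignments.get(read.tag_id)
        if owner is None:
            alerts.append((read.tag_id, read.gate, "unregistered laptop tag"))
            continue
        # Employee tags seen leaving through the same gate at about the same time.
        nearby = {
            other.tag_id
            for other in reads
            if other.gate == read.gate
            and other.direction == "out"
            and other.tag_id.startswith("EMP-")
            and abs(other.when - read.when) <= window
        }
        if owner in nearby:
            continue  # laptop left together with its assigned employee
        if nearby:
            carriers = ",".join(sorted(nearby))
            alerts.append((read.tag_id, read.gate, "carried out by " + carriers))
        else:
            alerts.append((read.tag_id, read.gate, "left with no employee tag in range"))
    return alerts


def run_sample():
    """Run the check over the constructed sample log."""
    reads = [parse_read(line) for line in SAMPLE_LOG.splitlines() if line.strip()]
    return check_exits(reads)


if __name__ == "__main__":
    for laptop, gate, reason in run_sample():
        print(f"ALERT {laptop} at {gate}: {reason}")
```

The "no employee tag in range" case matters for the moving-car scenario the sidebar mentions, where a long-range read of the laptop may arrive with no badge read at all.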


18   /   December 2009   /   BenefIT

Mais conteúdo relacionado

Mais procurados

Security awarenesspreso draft-v-11
Security awarenesspreso draft-v-11Security awarenesspreso draft-v-11
Security awarenesspreso draft-v-11Joseph Schorr
 
Issa Charlotte 2009 Patching Your Users
Issa Charlotte 2009   Patching Your UsersIssa Charlotte 2009   Patching Your Users
Issa Charlotte 2009 Patching Your UsersMike Murray
 
Secure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentsSecure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentse.law International
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Bala Guntipalli ♦ MBA
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite  defining and understanding risk in the moder...White paper cyber risk appetite  defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
Whitepaper - Data Security while outsourcing
Whitepaper - Data Security while outsourcingWhitepaper - Data Security while outsourcing
Whitepaper - Data Security while outsourcingRaghuraman Ramamurthy
 
Swenson Group Vvma
Swenson Group VvmaSwenson Group Vvma
Swenson Group Vvmamhunter22
 
ITFM Business Brief
ITFM Business BriefITFM Business Brief
ITFM Business Briefwdjohnson1
 
Responding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksResponding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksIBM
 
College Presentation
College PresentationCollege Presentation
College Presentationscottfrost
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmDavid Sweigert
 
CRTC Cloud Security- Jeff Crume
CRTC Cloud Security- Jeff CrumeCRTC Cloud Security- Jeff Crume
CRTC Cloud Security- Jeff CrumeKrisValerio
 
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmPriyanka Aash
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldEMC
 

Mais procurados (20)

Organizational Resilience Forum 2012
Organizational Resilience Forum 2012Organizational Resilience Forum 2012
Organizational Resilience Forum 2012
 
Research Paper
Research PaperResearch Paper
Research Paper
 
Convergence of Security Risks
Convergence of Security RisksConvergence of Security Risks
Convergence of Security Risks
 
Security awarenesspreso draft-v-11
Security awarenesspreso draft-v-11Security awarenesspreso draft-v-11
Security awarenesspreso draft-v-11
 
Issa Charlotte 2009 Patching Your Users
Issa Charlotte 2009   Patching Your UsersIssa Charlotte 2009   Patching Your Users
Issa Charlotte 2009 Patching Your Users
 
Secure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentsSecure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documents
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec
 
Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of security
 
Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite  defining and understanding risk in the moder...White paper cyber risk appetite  defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...
 
Whitepaper - Data Security while outsourcing
Whitepaper - Data Security while outsourcingWhitepaper - Data Security while outsourcing
Whitepaper - Data Security while outsourcing
 
Swenson Group Vvma
Swenson Group VvmaSwenson Group Vvma
Swenson Group Vvma
 
ITFM Business Brief
ITFM Business BriefITFM Business Brief
ITFM Business Brief
 
Responding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksResponding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacks
 
College Presentation
College PresentationCollege Presentation
College Presentation
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firm
 
CRTC Cloud Security- Jeff Crume
CRTC Cloud Security- Jeff CrumeCRTC Cloud Security- Jeff Crume
CRTC Cloud Security- Jeff Crume
 
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
 

Semelhante a Security Feature Cover Story

Think like a hacker for better security awareness
Think like a hacker for better security awarenessThink like a hacker for better security awareness
Think like a hacker for better security awarenessCOMSATS
 
Norman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondNorman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondLydia Shepherd
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015John Budriss
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015Scott Smith
 
The 10 Secret Codes of Security
The 10 Secret Codes of SecurityThe 10 Secret Codes of Security
The 10 Secret Codes of SecurityKarina Elise
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligencewbesse
 
Cyber Threat Landscape- Security Posture - ver 1.0
Cyber Threat Landscape- Security Posture - ver 1.0Cyber Threat Landscape- Security Posture - ver 1.0
Cyber Threat Landscape- Security Posture - ver 1.0Satyanandan Atyam
 
Transforming Information Security: Designing a State-of-the-Art Extended Team
Transforming Information Security: Designing a State-of-the-Art Extended TeamTransforming Information Security: Designing a State-of-the-Art Extended Team
Transforming Information Security: Designing a State-of-the-Art Extended TeamEMC
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devicesMarc Vael
 
Dynamic Log Analysis™ Business Value Sheet
Dynamic Log Analysis™ Business Value SheetDynamic Log Analysis™ Business Value Sheet
Dynamic Log Analysis™ Business Value SheetClear Technologies
 
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdfInsider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdfEnterprise Insider
 
Top 3 security concerns for enterprises
Top 3 security concerns for enterprisesTop 3 security concerns for enterprises
Top 3 security concerns for enterprisesTaranggg11
 
BLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity LiteracyBLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity LiteracyCasey Fleming
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 
Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Armor
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk ManagementDMIMarketing
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistancePaul-Charife Allen
 

Semelhante a Security Feature Cover Story (20)

White Paper: Mobile Security
White Paper: Mobile SecurityWhite Paper: Mobile Security
White Paper: Mobile Security
 
csxnewsletter
csxnewslettercsxnewsletter
csxnewsletter
 
Think like a hacker for better security awareness
Think like a hacker for better security awarenessThink like a hacker for better security awareness
Think like a hacker for better security awareness
 
Norman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondNorman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respond
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015
 
5 Questions Executives Should Be Asking Their Security Teams
5 Questions Executives Should Be Asking Their Security Teams 5 Questions Executives Should Be Asking Their Security Teams
5 Questions Executives Should Be Asking Their Security Teams
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015
 
The 10 Secret Codes of Security
The 10 Secret Codes of SecurityThe 10 Secret Codes of Security
The 10 Secret Codes of Security
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligence
 
Cyber Threat Landscape- Security Posture - ver 1.0
Cyber Threat Landscape- Security Posture - ver 1.0Cyber Threat Landscape- Security Posture - ver 1.0
Cyber Threat Landscape- Security Posture - ver 1.0
 
Transforming Information Security: Designing a State-of-the-Art Extended Team
Transforming Information Security: Designing a State-of-the-Art Extended TeamTransforming Information Security: Designing a State-of-the-Art Extended Team
Transforming Information Security: Designing a State-of-the-Art Extended Team
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devices
 
Dynamic Log Analysis™ Business Value Sheet
Dynamic Log Analysis™ Business Value SheetDynamic Log Analysis™ Business Value Sheet
Dynamic Log Analysis™ Business Value Sheet
 
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdfInsider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
 
Top 3 security concerns for enterprises
Top 3 security concerns for enterprisesTop 3 security concerns for enterprises
Top 3 security concerns for enterprises
 
BLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity LiteracyBLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity Literacy
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
 
Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistance
 

Último

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf

Security Feature Cover Story

  • 1. Security

    IT Has The Cure For An Insecure Organisation!

    Ensuring the security of an organisation’s physical and digital assets is a complex task! It can't be achieved merely by building high walls of concrete around critical assets or by installing the latest IT security tools, feel experts. Here are some solutions that can help businesses keep this problem at bay!

    “Let us not look back in anger or forward in fear, but around in awareness.” — James Thurber

    Vandana Sharma, BenefIT Bureau

    10 / December 2009 / BenefIT
  • 2. Security

    During the normal course of events, the focus of most businesses is to manage day-to-day cash flows, increase market share, and so on. But there are times when this equilibrium gets disturbed; when some crack in the security system shakes the very foundations of an organisation—damaging its reputation, causing loss of data, assets or money. This leads to a battle of wits for business heads and CIOs (chief information officer), as most often they get caught unaware.

    Rajat Agarwal, executive director, Bhorukha Aluminium, feels that businesses today are aware of the security threats; yet it’s just not a top priority, especially when the organisation is small. However, if a small company wants to grow big in the near future, it must train its team in the routine security norms and processes and put in place technologies, that aren't too expensive, to automate security procedures for data and resource protection, and related to authorised access, avers Ram Krishna Ghildiyal, technical head, Sanvei Overseas, an international IT-based surveillance company.

    Sundar Ram, vice president, Technology Sales Consulting, Oracle Asia Pacific, seconds the thought and adds: “Every organisation today, needs to cope with the key issue of securing its data, inventory, human resource, etc, from security threats. Considering this, information security has become a necessity for both small as well as the big business units to secure itself from such threats.”

    But to be on guard and identify vulnerabilities and threats; or to look for security breaches and simultaneously find tools and solutions to prevent any damage from happening—isn't easy! To help our readers, we turned to various organisations to understand the strategies that they have adopted to tackle this challenge. We also spoke to experts to understand more about the vulnerabilities and the IT solutions that are available.

    Security lapses may cost a fortune!

    Here are a few instances where security breaches led to grave problems for organisations:
    • The infamous stamp paper scam is a major case of a security lapse. “If state revenue departments—which are under constant video surveillance and have a highly trained security staff—could not prevent a class IV staff from taking out the stamp imprint, no amount of security and surveillance can be considered sufficient,” remarks Ghildiyal. This calls for an aware organisation and smart use of technologies to combat the threat.
    • Soi shares more: “In June 2006, a security breach at HSBC’s offshore data-processing unit in Bangalore led to $425,000 being stolen from the accounts of the bank’s UK customers.”
  • 3. Security

    Security planning: the issues, and solutions

    The security domain is infinitely vast and complex and requires considerable planning, says Ghildiyal. But the key issue here is that in small to mid-sized companies, security is still not given due importance and the top management do not accept it as a challenge that warrants a dedicated team of experts. Dhruv Soi, chair–OWASP (Open Web Application Security Project) India, agrees, “There is a sheer lack of security awareness in most Indian firms. The security budget is often just 5 to 10 per cent of the total IT expenditure. Internal reports are often vulnerable to manipulations. Improper/inadequate monitoring creates a big hole in security. Since organisations refrain from spending on regular third-party security audits, the real security position of the company is never clear to the top management. In scenarios like these, one infected system propagates the infection to all the systems connected into the organisational network,” he adds.

    Agarwal seconds the thought and adds that security breakdowns are not easy to monitor unless regular investments are made in IT tools to secure different aspects of the organisation. “Having an outsourced IT department with clear KPIs (key performance indicators)—one of which should be to monitor data security—can help. Apart from this, a thorough cost-benefit analysis should be done before choosing the right combination of tools and technologies. Factors such as threat level, size of the organisation, budget, etc, should be factored in,” he adds.

    Identifying vulnerabilities

    Before we move on to exploring ways to deal with security-related challenges, it is important to identify and understand the security vulnerabilities that may exist/affect an organisation at any point. The following aspects may need attention:
    • Sensitive data or information: Documents including confidential reports/credit card information are all prone to security attacks, either from within the organisation or from the outside world.
    • Threats from within the organisation: Employees have been known to steal sensitive data from computers, laptops or over the network using USB drives. Unsecured confidential data can also be sent to the outside world, through e-mails. Without solutions to prevent data leakage, it is hard to control it, says Soi.
      Apart from this, how a company treats its employees also plays a role, feels Milind Mody, CEO, eBrandz.com. He cites a scenario: “Companies that deal with their employees fairly, earn their respect. However, there are organisations that delay giving employees their dues after they leave; that may sometimes upset an exiting employee, who could then try to steal data or, in general, act against the interests of the company.” Mody suggests laying down clear policies and procedures to deal with such challenges.
    • Threats via the Internet: Another threat is from viruses*, malware*, spyware* attacks, etc, which may damage, or result in the pilferage of organisational information.

    *
    • A computer virus is a computer program that can copy itself and infect a computer.
    • Malware is a type of software that can harm computers, such as computer viruses and spyware.
  • 4. Security

    • Spyware is software that’s implanted into a computer system to gather information about a person or organisation, without their knowledge.

    • Unsecured network access: Intruding on the organisational network and/or servers* by outsiders or by disgruntled employees to pilfer sensitive data can occur at any moment, says Mody.

      *A server is a high-end/high-capacity computer that is required to run multi-user applications like organisational e-mail, data back-up, storage, etc.

    • Critical/valuable physical assets: Physical theft of devices like the mouse, headphones, USB hard disk drives or even cash can be another problem that organisations confront frequently, in the absence of adequate security systems, adds Mody.
    • Employee poaching: Another area where organisations may need to be watchful is from competitors or HR agencies on the look-out to poach good talent. To deal with this problem, Mody suggests: “If your company has a board line or EPABX (electronic private automatic branch exchange) system, make sure someone monitors incoming calls for external HR agencies trying to poach employees.” But he agrees that there have been cases where HR managers from competitive firms have actually stood outside a company’s premises to poach its employees. In such cases, it is difficult to do anything to prevent the practice.
    • Irregular processes: Non-adherence to security policies is another vulnerability that a small and mid-sized company can face. Therefore, all companies however small they may be, must plan for a periodic security audit and must invest in automated systems rather than people driven systems.
  • 5. Security

    Management-level solutions

    Deploying security tools is important, but, prior to that, having an organisational culture where both the management and employees are aware of the correct security policies and practices, is equally critical. Experts suggest having the following practices to help organisations be better prepared for this challenge:

    Plans and policies to counter security breaches

    A company should have a security policy and a security plan, to begin with, opines Ghildiyal. “A security policy must define a company's information and other assets, its security needs, roles and responsibilities, the rights of employees, and so on. A security plan on the other hand may describe the procedures, tools and technologies that are required to implement the security plan,” he adds. In fact, a security plan can also include the anomalies, special rights and data and asset recovery procedures to reduce the impact of a security lapse.

    Employment agreements must be in tandem with security policies

    Mody feels that it is always good to clearly define the terms and conditions/policies related to proprietary or confidential data in the employment agreements. “Also if an employee is working on projects for which the company has signed an NDA (non disclosure agreement), it should make sure that the employee also signs a similar agreement. Clearly mentioning a few examples of what is considered as corporate data theft, makes the agreement more well-defined. Get this agreement vetted by an attorney. This is a one time cost, but it has three advantages. First it makes sure that you have fulfilled your responsibility. Second it deters people from committing unethical deeds and makes them think before they unwittingly create a security breach. And the third advantage is, you can pursue the matter in court in situations where a serious security threat has been committed against the company, by an employee.”

    Plan security as per the nature of the business

    Planning for organisational security is another important task that depends primarily upon the nature of a business. Ghildiyal agrees and says: “For knowledge-based companies that have Internet dependent processes, information is the most valuable asset. Such firms must consider information security technologies or solutions, like firewalls*, antivirus* or identity authentication systems*, etc. Similarly, companies that have large public assets must invest on surveillance technologies like video surveillance, threat detection, etc.” However, some technologies like, antivirus, biometric* access and identity management are uniformly applicable to all the companies as they provide the building blocks for security process implementation, he adds.

    *
    • A firewall is a software tool that enables IT managers to block unauthorised access even while allowing authorised communications.
    • Antivirus software can be used to make Internet access secure and prevent the computer network of the organisation from getting affected by viruses like malware, spyware, etc.
    • Identity authentication systems or devices help authenticate or verify the identity of a person or other entity requesting access under security constraints.
    • Biometrics is a technique used to recognise humans based upon one or more physical or behavioural traits, like fingerprints, face recognition, DNA, hand and palm geometry, iris recognition, voice, etc.

    Avoid complex policies

    It is one thing to lay down policies and procedures, and it is quite another to implement those
  • 6. Security

    successfully. One key deterrent in policy adherence is the complexity of policies and procedures, believes Ghildiyal. He explains: “For example, most companies implement a ‘password aging’ policy, which demands all employees and customers to change their computer and/or Internet login passwords every three months. As the number of such systems increases, it becomes more of a hassle for employees and then they start using easily breakable dictionary passwords* that are not only easy to remember but can be uniformly applied at all places that require a password prior to access. Thus a theoretically sound system of ‘password aging’ actually creates a security hole in the system.” So it is best to adopt workable policies that are simple and effective to implement and adhere to, in the long run.

    *Dictionary passwords are simple or easily predictable variations of words used as login passwords.

    Train your staff

    Nearly 80 per cent of security breaches occur due to weak IT security systems. More than lack of security products to deal with this challenge, the problems are caused by inadequately skilled or less-aware staff. Soi suggests conducting training programmes for IT staff to empower them to tackle security breaches, effectively. He says: “Security awareness training for end-users (like, people in accounts, HR, administration departments, etc) and training for IT/security staff is required, from time-to-time, to equip them with the knowledge to protect themselves and the organisation from security threats.” Agarwal suggests having regular seminars to discuss issues related to security.

    Better safe than sorry

    Agarwal feels that it is better to limit the use of e-mails and the Internet to only those who really require it. Also, he advises that the IT managers should always monitor out-going attachments, as and when possible. Soi agrees and adds: “Regular log monitoring of servers, applications and network devices is required to keep an eye on employee behaviour, and also to take preventive actions.”
  • 7. Security

    It’s Advantage, Unified Threat Management Solutions!

    With vulnerabilities in the digital world rising by the minute, keeping organisation networks safe is becoming an acutely challenging task. Wadpack, a manufacturer of corrugated packaging material, opted for a comprehensive threat management solution that has been acting as a shield against the security menace.

    Bangalore-based Wadpack is one of the pioneers in manufacturing corrugated fibre board containers. The company is quite tech savvy and is always on the look out for new concepts and technologies in the packaging industry. Wadpack, which uses ESS’s ERP ebizframe from its multiple locations, wanted to ensure secured connectivity between branches. “Ensuring the security of data transacted through the ERP system was quite critical for Wadpack, along with linking its various locations. After a careful analysis we opted for the Watchguard unified threat management (UTM)* solution, suggested by ESS, to secure our virtual private network or VPN,” says Sankaran Narayanan, finance controller, Wadpack. The solution was implemented by ESS with the help of Medley Marketing, New Delhi, one of the key Watchguard Secure Partners in India (WSP). At Wadpack, ESS also manages the entire IT requirements in addition to managing its ERP system. “Since the Wadpack management wanted to focus on growth, profitability and operational efficiency, it decided to leave the task of efficiently managing the IT function, including IT infrastructure security, to ESS,” says Narayanan.

    *[A UTM is an all inclusive security system that can perform multiple security functions. It can function as an all-in-one security tool—acting as a firewall, antivirus, anti-spam solution, VPN security tool, content filtering tool, and a lot more. To know more about a VPN, refer to the box.]

    Easy to manage, and economical

    The major benefit of a UTM is that so many necessary functions are combined into one solution. This saves businesses time, money and hassles, affirms Anil Bakht, managing director, ESS. “Maintaining network security can often become complex and confusing, but when all security features are combined into one system, it is easy to see how all the functions are integrated and how they work together. Also, because it is coming from a single vendor, training and support for the entire system also comes from a single vendor. A single window solution helps reduce the hassles associated with managing multi-vendor security systems,” he suggests.

    IT’s a networked world

    Most organisations work in networked environments these days where all computers are connected, not only in one office, but across branches. This becomes an organisation’s virtual private network or VPN. Apart from this, these machines that’re connected over a VPN also connect with computers in the outside world or public network through the Internet. Organisational networks are vulnerable to attacks as precious data traverses from one end to the other. This can leave a company’s operational resources, customer data, proprietary tools and technologies, and intellectual capital in danger of being stolen, misused, or vandalised by third parties.
  • 8. Security

    Technology tools that may help

    Business units today have begun to look around for solutions that can help them protect their software applications, like ERP, CRM, etc, and also their IT and data infrastructure, observes Ram. Now, let us take note of a few IT tools that can help businesses to pro-actively deal with this challenge:

    Identity authentication tools

    It is not possible to validate or authenticate the identity of all staff members or customers, manually, every time they attempt to access organisational information. This is because small firms operate with less resources, and manual authentication may lead to transaction processing delays. To address this problem, companies can opt for tools like biometric devices, which can validate the identity of an employee, by validating physical traits, like fingerprints, vein patterns, etc and automate the process of allowing information or network access to only authorised staff or customers, suggests Ghildiyal. Agarwal seconds the thought and suggests: “This is a great option if you want to add an extra layer of security to certain areas such as server rooms, electrical control panels, etc.”

    Mody however feels that while biometric devices are quite relevant for businesses like jewellery shops that have precious assets, for a company with more than 100 employees, such devices can be a real problem if used at the entrance gate. He explains the flip side: “You will have a long queue of employees while coming in or going out of the organisation premises, either at the start of the day or at lunch time. There is a school of thought that claims that biometric devices help prevent the buddy system that involved the problem of proxy attendance. But I would advise keeping biometric devices only at places where companies store their sensitive information, which could be their server room or where the accounts or sales team sits. The selective application of such devices can still be made. Otherwise biometric devices cost two or three times more than RFID* (radio frequency identification) card-based systems, which are also a viable alternative.

    *RFID tags refer to small electronic devices that are made up of a small chip and an antenna. The device can carry approximately 2,000 bytes of data. And, just as information can be retrieved or read from bar codes or magnetic strips via a scanner or bar-code reader, RFID devices also require a scanner to retrieve the information stored in them.

    Information security tools

    Companies that have online systems or processes and depend on data and information assets, must consider information security technologies like firewalls, antivirus software, information authentication, encryption* tools, etc.

    *Encryption is the process of converting information given in plaintext into an unreadable format, which can be decoded by a person possessing a special key/password to convert the coded text into plain text again.

    Mody shares details about solutions that his company, eBrandz has adopted. “I personally feel that if an organisation has more than 25 PCs then antivirus are useless without a hardware firewall. Besides, most firewalls have the antivirus component built into it. So you do not need to invest separately on the antivirus. Not spending on such intrusion prevention systems (like, firewalls) makes mission critical systems and information vulnerable to new attack variants, warns Soi. Agarwal agrees and adds: “This works really well to control and more importantly monitor the kind of information your employees have access to and also what they are doing with it (saving, e-mailing, copying to USB drives, sending to competitors, etc).”

    Many a time organisations resort to using pirated software to avoid investing in buying original software. Soi cautions that use of pirated software brings spyware to the system without the knowledge of user, putting the organisation information at risk.
  • 9. Security

    Tools to safeguard physical assets

    Many organisations assign laptops to their workforce to enable them to keep in touch with the firm from anywhere, anytime. In such a scenario, the security of the laptops, which invariably carry crucial work-related information, is vital.

    Organisations can have encryption software installed on all the desktops and laptops to avoid the risk of data theft in case a computer is stolen/misplaced, suggests Soi. There are two types of encryption tools. One type is used to encrypt files, digital documents or e-mails that an organisation sends out to people, within or outside the organisation, over the Internet. The other type of encryption tool is used to convert the data on the hard drive of a computer into an unreadable format, in such a way that it can’t be made readable again unless a password is entered. This tool is useful to prevent data loss in the event of theft or the loss of a laptop.

    An RFID (radio frequency identification) asset tracking system is another solution, which can help in safeguarding assets like laptops, or any other expensive devices. The RFID tracking system keeps track of assets whether placed within the bounds of the organisation or even when anyone moves out of the company gates.

    The way the RFID tracker works for laptops

    RFID, a combination of radio-frequency-based and microchip technology helps in identifying an asset. For tracking, an active RFID tag of 1.5” (3.8 cm) to 0.765” (1.9 cm) is embedded into the laptop. The RFID reader has both the laptops' ID as well as the employee's tag ID associated with it. Each time a person passes through the main door/entrance gate where the reader is installed, the tag in the laptop transmits the information stored in it, to the RFID reader. Interestingly, the presence as well as movement of a laptop is picked up from a distance of over 30 feet (9.1 meter). The ability to detect a laptop even if it is placed in a moving car enhances this system further.

    Tools for network security

    To ensure organisational network security*, a firm can disable the use of USB drives on PCs/laptops, advises Mody. “Apart from this, have your network configured in such a way that data of different departments are stored at different places. And, then allow access only to authorised people. Some common data can be stored centrally but in this case there is a need to have different levels of access rights.

    “Access to Web servers* also needs to be restricted only to a few select individuals. If an organisation uses Internet based applications like SaaS (software-as-a-service)-based ERP, etc, make sure all such applications are protected through some specific Internet-based restrictions.”

    Soi explains how network access protection tools work: “A network access control system prevents access to organisational networks unless the connected computer complies with a set of standards.”

    *
    • An organisation network comprises the local area network comprising a group of computers within the organisation premises or across its different branches connected to each other for the purpose of communication; the other type is a wide area network through which the organisation communicates with the world outside, over the Internet.
    • A Web server is a computer program that fetches content in the form of information, data, images, etc, from the Web pages available over the Internet and delivers it via a Web browser (like, Internet Explorer, Firefox, etc).

    Surveillance tools

    Have CCTV (closed circuit TV) cameras across the entire premises to monitor physical threats (external/internal). The devices enable not just real time monitoring but also keep records for future reference, says Soi. Mody agrees and says that CCTV cameras are also a must for any organisation that has more than 25 to 30 employees. “This will deter people from stealing devices or cash. In serious cases, it might help the police track down culprits,” he adds.

    Agarwal feels that having CCTV cameras is a good option for firms that are into manufacturing and need to monitor labour movement and behaviour. “Firms can also have CCTV cameras to monitor strategic locations,” he observes. Currently, these devices are slightly expensive, but the cost is decreasing rapidly.

    Considering the kind of threats that security vulnerabilities expose an organisation to, it would be wise for firms to first look within, for any existing or probable security loopholes, and then around them to devise strategies and deploy tools to address security gaps. Most importantly, firms should create a culture of monitoring and observing safe practices to safeguard organisational assets.