Version 1.0
September 6, 2006
10 security problems unique to IT
By Jeff Relkin
Security is not an area newly arisen in the wake of the 9/11 tragedy. There have always been reasons to be concerned:
conflicting priorities, business environmental factors, information sensitivity, lack of controls on the Internet, ethical lapses,
criminal activity, carelessness, and higher levels of connectivity and vulnerability. It’s a tradeoff between limiting danger
and affecting productivity: 100 percent security equals 0 percent productivity, but 0 percent security doesn’t equal 100
percent productivity.
No one wants to be controlled. It's demeaning and stifles productivity, and we resent the implication that we can’t be
trusted not to break our own networks. On the other hand, organizations have to decide how long they could operate
without computers or networks and how reliant they are on the availability and accuracy of data. Absolute security is
unattainable and undesirable, so proper security controls seek to reduce risk to acceptable levels.
System penetration threats
There are all kinds of ways in which systems can be compromised. A popular expression during World War II was “Loose
lips sink ships,” which was meant in a possibly somewhat paranoid way to heighten awareness that you never knew who
was listening to you, even over a beer at the local pub. Most of us routinely have contact with other professionals whether
at industry gatherings, social events, or any number of other venues. It’s all too easy to accidentally disclose critical
information that can be used, however unethically or even illegally, to benefit one organization at the expense of another.
Carelessly discarding access codes and other kinds of personal identification information without shredding them has
made dumpster diving the number one method of obtaining this kind of data. Systems that are poorly or inadequately
secured (single-level security, easily guessed passwords, unencrypted data, etc.) are an invitation to problems ranging
from low data quality to unauthorized infiltration.
Networks can be easily breached due to poorly maintained firewalls and/or virus and spam filters. Security budgets must
be adequately funded; management literally puts organizational survival at risk by viewing funding for security measures
as a no-return or discretionary expense. Taking responsibility for our own actions (or inactions) coupled with a solid
comprehensive security policy is the best defense to prevent breaches from occurring in the first place.
Internet security realities
Originally built for military use, the Internet today incorporates little inherent protection for information. Administrators at
any Internet site can see packets flying by, and without adequate encryption, messages are subject to compromise. The
Internet doesn’t automatically protect organizational information—companies must do so independently. Without adequate
control, and even with it, employees can access just about anything and bring it in-house. External intruders can access
networks and PCs. External message sources typically can’t be found, and message senders don’t know who else, in
addition to or instead of the intended recipient, is reading the message.
The hacking community is increasingly organized, and by cooperating with each other, its members can compromise networks
even more easily, and profoundly. The Internet is an open, uncontrolled network that doesn’t change to suit organizational
needs. Identified exposures are not automatically fixed, and most security problems on the Internet are not really Internet
problems. Organizations must assume a potentially hostile environment and protect themselves through full message
encryption for sensitive information, digital signatures for message authentication, high-quality, maintained firewalls and
other filters, employee communication and awareness programs, and any inbound controls that are at least adequate
without being excessive.
Portability of hardware
Corporate road warriors traveling with laptops represent a variety of security challenges. Larger, faster hard drives and
more powerful processors provide the ability to download and use local copies of sensitive or confidential databases.
Ubiquitous Internet access allows us to stay connected with the same networks and systems we use in the office. Web-based
services such as Groove can be used to circumvent corporate document policies.
Copyright ©2006 CNET Networks, Inc. All rights reserved.
For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html
Laptops need to be secured with at least two-phase security controls consisting of a combination of encryption, local
userid/password combinations, biometric devices, etc., and organizations need to implement and enforce strict policies on
technology use while traveling.
Proliferation of new communication methods
Does your organization provide PDAs such as BlackBerrys or Treos with network connectivity? Are these devices secured
in any way? Many companies have little understanding of just how big a security threat these handy little gizmos
represent. Typically connected to central corporate services, such as Outlook or Notes, and providing continuous wireless
automatic synchronization with e-mail, calendar, and contact lists, a lost device that’s unsecured by a password can be
used to gain authorized entry into those systems. At the very least, they can be used to run up a pretty impressive cell
phone bill.
Corporations should require that despite the inconvenience, all such devices must have local passwords, subject to the
same rules as those used to access the network, including format and frequency of change. They should also require by
policy that lost devices be reported immediately so kill signals wiping all local data and rendering the device useless can
be issued.
Complexity of software
The fact that systems and applications have many integrated components that are difficult to individually secure is a poor
excuse for not requiring multiple levels of security. Users who have been authenticated for general network access do not
necessarily deserve authorization for specific functional components of that network or even within a single integrated
environment, such as an ERP. Studies and surveys tell us that employees consider too many different passwords a valid
reason for leaving an organization; some large corporations require users to memorize in excess of 15 userid/password
combinations. Single sign-on techniques provide the ability to secure systems one component at a time on the basis of
one individual access, so there’s no reason to make security onerous to the user community.
Degree of interconnection
This is just another form of complexity and requires a recognition of the realities of the public access Internet. Supply
chain processes connect raw material providers, manufacturers, assemblers, and retailers. As the saying goes, a chain is
only as strong as the weakest link. Even if individual organizations within the supply chain have proper security controls in
place, one lapse by one of the partners can bring the entire operation to a halt.
Consider a situation in which a parts supplier’s network is infiltrated and/or compromised. All the downstream component
processes can be negatively affected, either by the delay or loss of a critical ingredient or by a contaminated input, in the
same manner that a glitch at the start of an assembly line brings the entire operation to a screeching halt. Organizations
need to conduct a comprehensive risk assessment and try to require their partners and suppliers to adhere to adequate
security controls, or at the very least, develop contingencies around the possibility of losing access to critical partnerships.
Density and accessibility of media
Information is currency, and knowledge is power. Knowing this, we’re all responsible for maintaining the integrity and
security of the corporate data to which we have authorized access. New forms of higher density portable media make it
even more necessary to take this responsibility seriously. CDs, DVDs, flash drives, and other dense portable media are
capable of storing multi-gigabytes of data in a form that all too often grows legs and walks away.
Corporate users should be circumspect about how they use these media. IT security policy should require that any data
moved through USB ports or any other method of creating media do so on an encrypted basis. Policy, and common
sense, should also dictate that these same media types never be used for single copies of any data, especially mission
critical or business confidential, and limit their use to temporary movement of data from one location to another.
Centralization
Single points of failure can be security nightmares. As important as it is to secure corporate networks, systems, and data,
it’s especially critical to do so when those assets are centrally located. Smaller organizations with limited technology
resources are particularly vulnerable because they typically have one LAN room or one server rack, which is the entire
network for the whole organization.
Unauthorized access, power problems, communications glitches, protocol incompatibilities, and questionable system
philosophies can all contribute to catastrophic consequences. When technology assets are centralized either as a result of
limited resources or simply due to a valid design consideration, attention must be given to special security requirements to
ensure continuous operation.
Decentralization
The opposite situation comes with security considerations of its own. Multiple copies of individual systems or databases
all must be equally well secured; one compromised copy renders the entire application suspect. One of the more difficult
situations to deal with in global organizations with presences in various countries occurs where Internet access is neither
robust, consistent, nor reliable. In this case, the best solution is often to install a distributed DNS server for offline synch
with the main corporate network, providing a local facility that while not real time, is at least a comprehensive copy no
more than one half day old of necessary data. Since this requires putting sensitive or confidential information out into the
field, policies and procedures must be enforced that provide the same level of security for the decentralized facility as that
for the main corporate network to avoid the same risks of infiltration and compromise.
Turnover
Employees changing jobs represent a particularly difficult security challenge. A generation ago, you’d simply turn in your
keys and go on with your life, but it’s not so easy to do that when the keys are virtual entries into secure systems.
Every access granted to individual employees has to be tracked so that at departure time, those accesses can be turned
off. In some cases, security systems will have to be cycled for everyone remaining with an organization when a key
employee having a deep level of access goes elsewhere.
Jeff Relkin has 30+ years of technology-based experience at several Fortune 500 corporations as a developer, consultant,
and manager. He has also been an adjunct professor in the master’s program at Manhattanville College. At present, he’s
the CIO of the Millennium Challenge Corporation (MCC), a federal government agency located in Washington, DC. The
views expressed in this article do not necessarily represent the views of MCC or the United States of America.
Additional resources
• "10 ethical issues confronting IT managers" (TechRepublic download)
• "10 ethical issues raised by IT capabilities" (TechRepublic download)
• "Establish and implement effective security policies" (TechRepublic download)
Version history
Version: 1.0
Published: September 6, 2006

 
It Organization Management : Revisiting Centralization
It Organization Management : Revisiting CentralizationIt Organization Management : Revisiting Centralization
It Organization Management : Revisiting CentralizationIT-Toolkits.org
 
P2 how to develop an it change management program
P2 how to develop an it change management programP2 how to develop an it change management program
P2 how to develop an it change management programIT-Toolkits.org
 
25 important considerations for selecting new customer support tools
25 important considerations for selecting new customer support tools25 important considerations for selecting new customer support tools
25 important considerations for selecting new customer support toolsIT-Toolkits.org
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to itIT-Toolkits.org
 
The basics of managing i.t
The basics of managing i.tThe basics of managing i.t
The basics of managing i.tIT-Toolkits.org
 
It management audits it management templates
It management audits   it management templatesIt management audits   it management templates
It management audits it management templatesIT-Toolkits.org
 
What is value added- it management_ - it management templates
What is  value added- it management_ - it management templatesWhat is  value added- it management_ - it management templates
What is value added- it management_ - it management templatesIT-Toolkits.org
 
7 steps to business and it alignment it management templates
7 steps to business and it alignment   it management templates7 steps to business and it alignment   it management templates
7 steps to business and it alignment it management templatesIT-Toolkits.org
 
Relevant it – it solutions to bridge the gap between business and it it man...
Relevant it – it solutions to bridge the gap between business and it   it man...Relevant it – it solutions to bridge the gap between business and it   it man...
Relevant it – it solutions to bridge the gap between business and it it man...IT-Toolkits.org
 
Finding a common ground between finance and it it management templates
Finding a common ground between finance and it   it management templatesFinding a common ground between finance and it   it management templates
Finding a common ground between finance and it it management templatesIT-Toolkits.org
 
How to write your company's it security policy it-toolkits
How to write your company's it security policy   it-toolkitsHow to write your company's it security policy   it-toolkits
How to write your company's it security policy it-toolkitsIT-Toolkits.org
 
Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management   it-tool...Protecting business interests with policies for it asset management   it-tool...
Protecting business interests with policies for it asset management it-tool...IT-Toolkits.org
 
The benefits of technology standards it-toolkits
The benefits of technology standards   it-toolkitsThe benefits of technology standards   it-toolkits
The benefits of technology standards it-toolkitsIT-Toolkits.org
 
Email policies tools to govern usage, access and etiquette it-toolkits
Email policies  tools to govern usage, access and etiquette   it-toolkitsEmail policies  tools to govern usage, access and etiquette   it-toolkits
Email policies tools to govern usage, access and etiquette it-toolkitsIT-Toolkits.org
 
Fundamentals of data security policy in i.t. management it-toolkits
Fundamentals of data security policy in i.t. management   it-toolkitsFundamentals of data security policy in i.t. management   it-toolkits
Fundamentals of data security policy in i.t. management it-toolkitsIT-Toolkits.org
 
Why do you need an it policy it-toolkits
Why do you need an it policy     it-toolkitsWhy do you need an it policy     it-toolkits
Why do you need an it policy it-toolkitsIT-Toolkits.org
 
Help desk ticket categories create help desk ticket classification it-tool...
Help desk ticket categories  create help desk ticket classification   it-tool...Help desk ticket categories  create help desk ticket classification   it-tool...
Help desk ticket categories create help desk ticket classification it-tool...IT-Toolkits.org
 

More from IT-Toolkits.org (20)

Risk Management & Information Security Management Systems
Risk Management & Information Security Management SystemsRisk Management & Information Security Management Systems
Risk Management & Information Security Management Systems
 
Information Technology & Its Role in the Modern Organization
Information Technology & Its Role in the  Modern OrganizationInformation Technology & Its Role in the  Modern Organization
Information Technology & Its Role in the Modern Organization
 
It Organization Management : Revisiting Centralization
It Organization Management : Revisiting CentralizationIt Organization Management : Revisiting Centralization
It Organization Management : Revisiting Centralization
 
It change management
It change managementIt change management
It change management
 
P2 how to develop an it change management program
P2 how to develop an it change management programP2 how to develop an it change management program
P2 how to develop an it change management program
 
25 important considerations for selecting new customer support tools
25 important considerations for selecting new customer support tools25 important considerations for selecting new customer support tools
25 important considerations for selecting new customer support tools
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to it
 
The basics of managing i.t
The basics of managing i.tThe basics of managing i.t
The basics of managing i.t
 
It management audits it management templates
It management audits   it management templatesIt management audits   it management templates
It management audits it management templates
 
What is value added- it management_ - it management templates
What is  value added- it management_ - it management templatesWhat is  value added- it management_ - it management templates
What is value added- it management_ - it management templates
 
7 steps to business and it alignment it management templates
7 steps to business and it alignment   it management templates7 steps to business and it alignment   it management templates
7 steps to business and it alignment it management templates
 
Relevant it – it solutions to bridge the gap between business and it it man...
Relevant it – it solutions to bridge the gap between business and it   it man...Relevant it – it solutions to bridge the gap between business and it   it man...
Relevant it – it solutions to bridge the gap between business and it it man...
 
Finding a common ground between finance and it it management templates
Finding a common ground between finance and it   it management templatesFinding a common ground between finance and it   it management templates
Finding a common ground between finance and it it management templates
 
How to write your company's it security policy it-toolkits
How to write your company's it security policy   it-toolkitsHow to write your company's it security policy   it-toolkits
How to write your company's it security policy it-toolkits
 
Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management   it-tool...Protecting business interests with policies for it asset management   it-tool...
Protecting business interests with policies for it asset management it-tool...
 
The benefits of technology standards it-toolkits
The benefits of technology standards   it-toolkitsThe benefits of technology standards   it-toolkits
The benefits of technology standards it-toolkits
 
Email policies tools to govern usage, access and etiquette it-toolkits
Email policies  tools to govern usage, access and etiquette   it-toolkitsEmail policies  tools to govern usage, access and etiquette   it-toolkits
Email policies tools to govern usage, access and etiquette it-toolkits
 
Fundamentals of data security policy in i.t. management it-toolkits
Fundamentals of data security policy in i.t. management   it-toolkitsFundamentals of data security policy in i.t. management   it-toolkits
Fundamentals of data security policy in i.t. management it-toolkits
 
Why do you need an it policy it-toolkits
Why do you need an it policy     it-toolkitsWhy do you need an it policy     it-toolkits
Why do you need an it policy it-toolkits
 
Help desk ticket categories create help desk ticket classification it-tool...
Help desk ticket categories  create help desk ticket classification   it-tool...Help desk ticket categories  create help desk ticket classification   it-tool...
Help desk ticket categories create help desk ticket classification it-tool...
 

Recently uploaded

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 

Recently uploaded (20)

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 

10 security problems unique to it

Version 1.0
September 6, 2006
10 security problems unique to IT
By Jeff Relkin

Security is not an area newly arisen in the wake of the 9/11 tragedy. There have always been reasons to be concerned: conflicting priorities, business environmental factors, information sensitivity, lack of controls on the Internet, ethical lapses, criminal activity, carelessness, and higher levels of connectivity and vulnerability. It’s a tradeoff between limiting danger versus affecting productivity: 100 percent security equals 0 percent productivity, but 0 percent security doesn’t equal 100 percent productivity.

No one wants to be controlled. It's demeaning and stifles productivity, and we resent the implication that we can’t be trusted not to break our own networks. On the other hand, organizations have to decide how long they could operate without computers or networks and how reliant they are on the availability and accuracy of data. Absolute security is unattainable and undesirable, so proper security controls seek to reduce risk to acceptable levels.

System penetration threats

There are all kinds of ways in which systems can be compromised. A popular expression during World War II was “Loose lips sink ships,” which was meant in a possibly somewhat paranoid way to heighten awareness that you never knew who was listening to you, even over a beer at the local pub. Most of us routinely have contact with other professionals whether at industry gatherings, social events, or any number of other venues. It’s all too easy to accidentally disclose critical information that can be used, however unethically or even illegally, to benefit one organization at the expense of another.

Carelessly discarding access codes and other kinds of personal identification information without shredding them has made dumpster diving the number one method of obtaining this kind of data.
Systems that are poorly or inadequately secured (single-level security, easily guessed passwords, unencrypted data, etc.) are an invitation to problems ranging from low data quality to unauthorized infiltration. Networks can be easily breached due to poorly maintained firewalls and/or virus and spam filters. Security budgets must be adequately funded; management literally puts organizational survival at risk by viewing funding for security measures as a no-return or discretionary expense. Taking responsibility for our own actions (or inactions) coupled with a solid comprehensive security policy is the best defense to prevent breaches from occurring in the first place.

Internet security realities

Originally built for military use, the Internet today incorporates little inherent protection for information. Administrators at any Internet site can see packets flying by, and without adequate encryption, messages are subject to compromise. The Internet doesn’t automatically protect organizational information; companies must do so independently.

Without adequate control, and even with it, employees can access just about anything and bring it in-house. External intruders can access networks and PCs. External message sources typically can’t be found, and message senders don’t know who else, in addition to or instead of the intended recipient, is reading the message. The hacking community is increasingly organized, and by cooperating with each other, networks can be even more easily, and profoundly, compromised.

The Internet is an open, uncontrolled network that doesn’t change to suit organizational needs. Identified exposures are not automatically fixed, and most security problems on the Internet are not really Internet problems.
Organizations must assume a potentially hostile environment and protect themselves through full message encryption for sensitive information, digital signature for message authentication, high quality maintained firewalls and other filters, employee communication and awareness programs, and any inbound controls that are at least adequate without being excessive.

Portability of hardware

Corporate road warriors traveling with laptops represent a variety of security challenges. Larger, faster hard drives and more powerful processors provide the ability to download and use local copies of sensitive or confidential databases. Ubiquitous Internet access allows us to stay connected with the same networks and systems we use in the office. Web-based services such as Groove can be used to circumvent corporate document policies.
Laptops need to be secured with at least two-phase security controls consisting of a combination of encryption, local userid/password combinations, biometric devices, etc., and organizations need to implement and enforce strict policies on technology use while traveling.

Proliferation of new communication methods

Does your organization provide PDAs such as BlackBerrys or Treos with network connectivity? Are these devices secured in any way? Many companies have little understanding of just how big a security threat these handy little gizmos represent.

Typically connected to central corporate services, such as Outlook or Notes, and providing continuous wireless automatic synchronization with e-mail, calendar, and contact lists, a lost device that’s unsecured by a password can be used to gain authorized entry into those systems. At the very least, they can be used to run up a pretty impressive cell phone bill.

Corporations should require that despite the inconvenience, all such devices must have local passwords, subject to the same rules as those used to access the network, including format and frequency of change. They should also require by policy that lost devices be reported immediately so kill signals wiping all local data and rendering the device useless can be issued.

Complexity of software

The fact that systems and applications have many integrated components that are difficult to individually secure is a poor excuse for not requiring multiple levels of security. Users who have been authenticated for general network access do not necessarily deserve authorization for specific functional components of that network or even within a single integrated environment, such as an ERP. Studies and surveys tell us that employees consider too many different passwords a valid reason for leaving an organization; some large corporations require users to memorize in excess of 15 userid/password combinations.
Single sign-on techniques provide the ability to secure systems one component at a time on the basis of one individual access, so there’s no reason to make security onerous to the user community.

Degree of interconnection

This is just another form of complexity and requires a recognition of the realities of the public access Internet. Supply chain processes connect raw material providers, manufacturers, assemblers, and retailers. As the saying goes, a chain is only as strong as the weakest link. Even if individual organizations within the supply chain have proper security controls in place, one lapse by one of the partners can bring the entire operation to a halt.

Consider a situation in which a parts supplier’s network is infiltrated and/or compromised. All the downstream component processes can be negatively affected, either by the delay or loss of a critical ingredient or by a contaminated input, in the same manner that a glitch at the start of an assembly line brings the entire operation to a screeching halt.

Organizations need to conduct a comprehensive risk assessment and try to require their partners and suppliers to adhere to adequate security controls, or at the very least, develop contingencies around the possibility of losing access to critical partnerships.

Density and accessibility of media

Information is currency, and knowledge is power. Knowing this, we’re all responsible for maintaining the integrity and security of the corporate data to which we have authorized access. New forms of higher density portable media make it even more necessary to take this responsibility seriously. CDs, DVDs, flash drives, and other dense portable media are capable of storing multi-gigabytes of data in a form that all too often grows legs and walks away.

Corporate users should be circumspect about how they use these media. IT security policy should require that any data moved through USB ports or any other method of creating media do so on an encrypted basis.
Policy, and common sense, should also dictate that these same media types never be used for single copies of any data, especially mission critical or business confidential, and limit their use to temporary movement of data from one location to another.

Centralization

Single points of failure can be security nightmares. As important as it is to secure corporate networks, systems, and data, it’s especially critical to do so when those assets are centrally located. Smaller organizations with limited technology resources are particularly vulnerable because they typically have one LAN room or one server rack, which is the entire network for the whole organization. Unauthorized access, power problems, communications glitches, protocol incompatibilities, and questionable system philosophies can all contribute to catastrophic consequences.

When technology assets are centralized either as a result of limited resources or simply due to a valid design consideration, attention must be given to special security requirements to ensure continuous operation.

Decentralization

The opposite situation comes with security considerations of its own. Multiple copies of individual systems or databases all must be equally well secured; one compromised copy renders the entire application suspect.

One of the more difficult situations to deal with in global organizations with presences in various countries occurs where Internet access is neither robust, consistent, nor reliable. In this case, the best solution is often to install a distributed DNS server for offline synch with the main corporate network, providing a local facility that while not real time, is at least a comprehensive copy no more than one half day old of necessary data. Since this requires putting sensitive or confidential information out into the field, policies and procedures must be enforced that provide the same level of security for the decentralized facility as that for the main corporate network to avoid the same risks of infiltration and compromise.

Turnover

Employees changing jobs represent a particularly difficult security challenge.
A generation ago, you’d simply turn in your keys and go on with your life, but it’s not so easy to do that when the keys are virtual entries into secure systems. Every access granted to individual employees has to be tracked so that at departure time, those accesses can be turned off. In some cases, security systems will have to be cycled for everyone remaining with an organization when a key employee having a deep level of access goes elsewhere.

Jeff Relkin has 30+ years of technology-based experience at several Fortune 500 corporations as a developer, consultant, and manager. He has also been an adjunct professor in the master’s program at Manhattanville College. At present, he’s the CIO of the Millennium Challenge Corporation (MCC), a federal government agency located in Washington, DC. The views expressed in this article do not necessarily represent the views of MCC or the United States of America.

Additional resources

• "10 ethical issues confronting IT managers" (TechRepublic download)
• "10 ethical issues raised by IT capabilities" (TechRepublic download)
• "Establish and implement effective security policies" (TechRepublic download)

Version history

Version: 1.0
Published: September 6, 2006

Copyright ©2006 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html