Information security: debunking the myths. (2003 Technology & Business Resource Guide).


Technology has opened significant new opportunities to small and large businesses. The Internet has become an essential tool for research, communication, conducting commerce and more. Yet always-on, high-speed connectivity to the Internet has also brought significant new threats to the security of information resources.

These threats are not new, but they continue to increase in sophistication and in their ability to do serious damage. As a result, securing the confidentiality, integrity and availability of mission-critical data has never been more important.

While few individuals or businesses will deny the reality of a cyberattack, many have taken precious few steps to proactively defend their information. I find this puzzling. When it comes to physical security, no one would ever think about leaving without securing the building from unwanted intruders. Yet when it comes to information security, many leave the doors and windows wide open. Their information resources are vulnerable to all sorts of unwanted intruders, who are capable of wreaking havoc within their systems. Only after being compromised are issues of information security considered seriously.

I believe this can be traced to five myths regarding information security. In debunking these myths, the true nature of the existing threat and the potential consequences of not adequately preparing become painfully obvious.

MYTH 1: HACKING IS COMPLEX

Hacking tools are readily available and becoming increasingly sophisticated. A simple search of "hacking" on Google, for example, provides a plethora of information, tools and tutorials for the would-be hacker.

And according to the Feb. 26, 2002 issue of PC Magazine, Symantec--the maker of Norton Internet Security 2002--estimates that more than 30,000 websites offered hacking tools and that anyone could learn to hack in 10 minutes.

Increasingly, the perpetrators of cyberattacks are not computer professionals. Fancy certifications aren't required. Junior high and high school kids (aka "script kiddies," "packet monkeys" and "cyberpunks") have enough tech knowledge to spend their free time spreading malicious software and scanning thousands of computers for vulnerable systems.

Once a vulnerable system is identified, the hacker can quickly begin to do serious damage.

MYTH 2: HACKERS ARE ONLY CONCERNED ABOUT HIGH PROFILE COMPANIES

While it's true that Fortune 500 companies such as Microsoft and Yahoo receive lots of attention when their systems are penetrated, small and midsize businesses are not exempt. The reality is that cyberattacks on these businesses occur just as frequently as the high profile cases we hear about in the media.

The reason we don't hear more about these cyberattacks is that the vast majority of them go unreported. Small Business A doesn't broadcast the fact that its computer system was down for three days after being infected by the latest worm. As a result, other small and midsize businesses have a tendency to downplay the threat.

But hackers are not picky about their targets. They're simply looking for systems with the lights on and the doors unlocked. Why? In some cases the answer is simply because they can. In other cases, data theft and fraud create inroads for greater mischief.

MYTH 3: I HAVEN'T BEEN HACKED YET

This myth is no different than someone who eats several chili cheeseburgers a day claiming they'll be fine because they haven't yet had a heart attack.

Businesses that have had the good fortune of avoiding encounters with viruses such as Melissa or Klez can be lulled into a state of inaction. The reality is that cyber-attacks are going to continue, will be more sophisticated and will be capable of doing even more damage.

Here's what Internet Week said more than two years ago: "If you're not afraid about the state of your company's security, you should be. Hackers are scanning ports en masse, coordinated attacks are gaining popularity and network users who appear to be valid are often imposters. And that's just outside attacks ... The message is simple: Be aware--or be hacked."

MYTH 4: I'VE GOT A FIREWALL

When most people think of Internet security, firewalls get most of the attention. Firewalls are an essential component, but they are not sufficient in and of themselves to provide an adequate level of security. In fact, no one strategy, no one security appliance, no one vendor can provide full protection against cyberattacks.

MYTH 5: I'M TOO BUSY TO DEAL WITH SECURITY

As the frequency and sophistication of cyberattacks increase, the price of inaction grows. Those who consider themselves too busy to secure their information and applications haven't seriously considered the risk. Just one attack can negatively impact:

* Revenue: A virus can result in days of downtime for a computer network, which can be especially costly to small and midsize businesses, many of which rely on outside consultants for computer support.

* Reputation/Credibility: A law designed to combat identity theft takes effect July 1. This law, SB 1386, requires companies that have information security breaches to report them to all of their California-based customers. To trigger the law, the breach must expose customer names associated with Social Security numbers, driver's license numbers, or credit card or bank account numbers.

* Customers: Customers want to know that their personal information is safe. Without that confidence, it's not a stretch to think that at least a portion of them could take their business elsewhere.

* Productivity: Nearly every company's productivity is tied to a properly functioning computer system. If the system's data is corrupted or otherwise unavailable, the slowdown is not easily recovered.

* A lawsuit: Security breaches open up the potential for serious liability--regulatory, contractual or criminal. For instance, companies that ignore the mandate in SB 1386 face the possibility of defending a class action lawsuit.

If you're starting to sweat at this point, let me assure you that the threat to information resources isn't a reason to despair; it's a reason to prepare.

HOW TO BEGIN PREPARING

The first step toward risk reduction is the development of a multilayered defense strategy. Think of an onion. A single layer of defense, such as a firewall, is not capable of providing an adequate level of security.

With multiple layers of defense, your ability to withstand the most common attacks increases dramatically.

Along with a firewall, another element of information security is anti-virus software. Other security measures that cover wireless access points, servers, intrusion detection and virtual private networks should be considered. And, since not all attacks originate from outside, internal controls and security policies must be set.

After a strategy is developed, a security assessment is useful. The purpose of such an assessment is to evaluate a company's level of security and ability to withstand the most common attacks. An assessment is also a good way to benchmark existing security infrastructure with industry best practices.

Businesses must realize that information security is an ongoing process and should consider an annual security assessment.

Finally, a word of caution: It's important to realize that no security strategy is 100 percent secure. Consider the following from John Pescatore from Gartner:

"In the end, no defense is foolproof; the weapons of the hacker's world are getting more powerful and the enticements of Internet sites are getting too rich. But vigilance can and must go a long way toward reducing the risk."

Vigilance includes acknowledging the severity of the problem, defining a defense strategy, implementing proper safeguards and maintaining a long-term commitment to information security.

RELATED ARTICLE: AICPA 2003 TOP TECHNOLOGIES LIST

Information security is the No. 1 issue for the American technology community, according to the AICPA's 2003 Top Technologies. More than 200 AICPA and Information Technology Alliance members participated in the survey, which included 142 CPAs holding the AICPA's CITP (Certified Information Technology Professional) designation.

The top 10 issues are:

1. Information Security

2. Business Information Management

3. Application Integration

4. Web Services

5. Disaster Recovery Planning

6. Wireless Technologies

7. Intrusion Detection

8. Remote Connectivity

9. Customer Relationship Management

10. Privacy

David M. Cieslak, CPA, CITP, GSEC is a principal with Encino-based Information Technology Group Inc. You can reach him at (818) 380-9900 or dcieslak@itgusa.com.
COPYRIGHT 2003 California Society of Certified Public Accountants
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2003, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Author:Cieslak, David M.
Publication:California CPA
Geographic Code:1USA
Date:May 1, 2003