Taking E-Security To A Higher Level. (E-Commerce Security).The attacks on the World Trade Center and the Pentagon in September -- and the events that have transpired since then -- have drastically changed the way business is conducted across the industrial spectrum. Sectors ranging from automotive to retail to telecommunications face harsh new realities, filled with previously unimaginable threats and a multitude of complex issues, both financial and emotional. For starters, physical security has become a critical aspect of daily business life, with companies now more sensitive to employee safety and asset protection. Business continuity plans have also taken center stage, as companies seek to assure clients and employees that business will continue to operate, even under the most daunting daunt tr.v. daunt·ed, daunt·ing, daunts To abate the courage of; discourage. See Synonyms at dismay. [Middle English daunten, from Old French danter, from Latin circumstances (see article on page 20). But even as companies place priority on matters of physical security, they cannot afford to lose sight of the dangers that exist within the virtual world. Companies have grown reliant on the Web to conduct business, manage supply chains, communicate with employees and customers and complete digital transactions. These digital processes have been fueled by a company-client relationship that's been built on trust. Without trust, the benefits of e-business are at risk in the inherently non-secured arena of cyberspace Coined by William Gibson in his 1984 novel "Neuromancer," it is a futuristic computer network that people use by plugging their minds into it! The term now refers to the Internet or to the online or digital world in general. See Internet and virtual reality. Contrast with meatspace. . As the Web has grown into a critical component for conducting business, Internet security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. -- protecting companies from sabotage, viruses, theft and a wide range of devious de·vi·ous adj. 1. Not straightforward; shifty: a devious character. 2. Departing from the correct or accepted way; erring: achieved success by devious means. attacks -- has become essential. Considering how indispensable e-security can be to a company's brand and bottom line, it's unfortunate just how many executives haven't given Internet security the priority status it deserves. A comprehensive e-security plan -- among clients, as well as internally -- can help generate new business opportunities, enhance customer experiences and avoid costly liabilities. Internet security also plays an increasingly important role in protecting market share, as investors gauge just how committed a company is to preserving the bonds of trust in a digital environment. While the climate since Sept. 11 should have raised greater concerns about Internet security, many still soft-pedal the issue. Consider this: e-security breaches worldwide cause nearly $15 billion worth of financial losses each year, not to mention the potential legal and insurance costs. Electronic theft alone should be alarming enough to persuade organizations to erect e-security safeguards. Assets that could be lost through electronic crime include: banking and financial transaction data; information related to competitive positioning; intellectual property (processes, methods, trade secrets, proprietary data and other intangible assets Intangible Asset An asset that is not physical in nature. Notes: Examples are things like copyrights, patents, intellectual property, and goodwill. These are the opposite of tangible assets. ); litigation-sensitive documents; product designs; and employee identification data, whose loss can lead to "identity theft." Additionally, companies that have recently made acquisitions are more vulnerable to security breaches simply because they may not know how to properly extend their security system beyond their own enterprise. Often, in these cases, very little is known about the level of security of the company being acquired. Downplaying this aspect of security can endanger en·dan·ger tr.v. en·dan·gered, en·dan·ger·ing, en·dan·gers 1. To expose to harm or danger; imperil. 2. To threaten with extinction. the viability of the joint newly-formed organization. Indeed, in many cases, even security frameworks in place are not enterprise-wide or comprehensive. Instead, companies opt for a spotcheck, demonstrating only that information is secure at the time of the test. This approach just doesn't satisfy the digital demands of today's "open for e-business 24/7" companies, which require e-security plans that adapt to longer-term needs. Preparing for future breaches and viruses with a comprehensive program involving people, processes and technology can help a company stay one step ahead of perpetrators seeking to steal or damage one's digital assets. Getting Down To Business Executives who pigeon-hole e-security as a quick, information-technology fix are not taking enough steps to ensure their company is protected. Internet security fortification fortification, system of defense structures for protection from enemy attacks. Fortification developed along two general lines: permanent sites built in peacetime, and emplacements and obstacles hastily constructed in the field in time of war. requires an approach that frames the issue in a broader context, integrating it into the fabric of a company's business ethos. The following can serve as guideposts Guideposts is a Christian-faith based non-profit organization founded in 1945 by Dr. Norman Vincent Peale and his wife, Ruth Stafford Peale. The Guideposts organization is headquartered in Carmel, New York, with additional offices in New York City, Chesterton, Indiana, and Pawling, for a company grappling with the question of where e-security fits in the overall scheme of its business: Solutions Start at the Top -- Ongoing e-business success is fostered when digital security is addressed from the highest levels. The security program should be part of the chief executive officer's risk management portfolio, and one that the CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. understands, embraces and communicates throughout the ranks. The board of directors also must pose the right questions to help ensure risk in the electronic environment is being managed properly. "What is your information worth?" and "What measures can protect access to that information?" are just some of the questions to address for gaining a clear sense of the risks companies face. Go Beyond the Quick IT Fix -- Corporate chiefs are shortchanging Internet security when they simply turn to their information technology (IT) department for a quick technology fix. Security is not just a technology problem. It's a business issue whose solution requires a combination of the right people and a clear process -- in addition to technology. No two companies are alike, and while they may use the same IT hardware or networking equipment, the data they generate and distribute is different, as are their people and facilities. A welt-briefed and well-trained employee staff, equipped with updated, effective technologies, remains the ideal scenario. Don't Procrastinate pro·cras·ti·nate v. pro·cras·ti·nat·ed, pro·cras·ti·nat·ing, pro·cras·ti·nates v.intr. To put off doing something, especially out of habitual carelessness or laziness. v.tr. on E-Security Investments -- Ever-changing factors such as regulatory, privacy and technology issues could deter making the necessary investments in digital protection. A company that is serious about an e-business strategy needs to make that investment now. An Internet security program is a long-term initiative that, if implemented effectively, should be flexible enough to evolve as it stands up to future threats and scenarios. But once a break-in has been detected, Remember, no single security solution has ever proved to be perfectly secure. There are only relative solutions, based on a real assessment of vulnerabilities and exposures. A relative solution balances the cost of security against a worst-case scenario worst-case scenario n → Schlimmstfallszenario nt . Don't wait until all matters beyond influence are resolved before investing in enterprise security architecture. Attackers preying on vulnerable companies aren't waiting. Employees: Part of the Problem and the Solution -- When deciding where to spend security dollars, bear in mind that a significant number of reported break-ins are inside jobs. Insiders attempting to escalate es·ca·late v. es·ca·lat·ed, es·ca·lat·ing, es·ca·lates v.tr. To increase, enlarge, or intensify: escalated the hostilities in the Persian Gulf. v.intr. their information access privileges for malicious purposes can result in intellectual property or trade secrets ending up in the wrong hands. Besides being a company's biggest vulnerability, its people can be a its greatest security asset. Educating employees about various types of external breaches, and empowering them with prevention methods, is an area not to be minimized. In fact, technology leaders such as Microsoft and eBay advocate making people part of the solution, and rely on people more than technology when it comes to e-security. The human part of any security solution cannot be emphasized enough. Prevention: One-Third of the Security Solution -- The other two-thirds comprise detection and response. Some executives think that once prevention methods are employed -- a firewall between the enterprise network and the Internet, for instance -- that the network is then ready to deal with hackers. But this does not make your system impossible to penetrate, nor does it protect from an insider with ill intent. Of the tools used for detecting intrusions, an Intrusion Detection System This article is about the computing term. For other uses, see Burglar alarm. An intrusion detection system (IDS) generally detects unwanted manipulations of computer systems, mainly through the Internet. (IDS) -- which works in conjunction with a network management console The client component of network management software that provides the user interface and "control room" view of the network. or platform -- enables companies to catch a hacker A person who writes programs in assembly language or in system-level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes. in the act. But once a break-in has been detected, a security environment must also support a response. Instant response programs that are tailored to a company's unique characteristics can address violations immediately, ensuring they don't recur. Although some companies have taken steps to ensure their information is secure, many are still falling behind when it comes to integrating an enterprise-wide, digital security program that incorporates the right people, processes and technologies. This is all the more perplexing per·plex tr.v. per·plexed, per·plex·ing, per·plex·es 1. To confuse or trouble with uncertainty or doubt. See Synonyms at puzzle. 2. To make confusedly intricate; complicate. when you consider the central role e-security plays in fostering legitimate business practices while deterring illegitimate ones. CEOs and top financial executives should make it a priority to ensure that Internet security remains under their purview The part of a statute or a law that delineates its purpose and scope. Purview refers to the enacting part of a statute. It generally begins with the words be it enacted and continues as far as the repealing clause. and within their risk management portfolio. A failure to do so could result in an information security strategy that fails to inform or energize en·er·gize v. en·er·gized, en·er·giz·ing, en·er·giz·es v.tr. 1. To give energy to; activate or invigorate: "His childhood those at the front lines -- the employees. With support from the top, and a plan that evolves with time, companies can address the known preparedness gaps that exist and protect themselves against unexpected digital attacks. Mary Pat McCarthy, global chair of KPMG KPMG Klynveld Peat Marwick Goerdeler (accounting firm) KPMG Kaiser Permanente Medical Group KPMG Keiner Prüft Mehr Genau (German) KPMG Kommen Prüfen Meckern Gehen LLP's Information, Communications and Entertainment Practice in Mountain View, Calif. and Stuart Campbell Stuart Campbell is the name of:
advisory services provided to the public, in their capacity as owners and managers of animals, are an important part of veterinary science. They may be provided by government bureaux, by commercial companies who deal in pharmaceuticals or animals or animal practice in San Francisco San Francisco (săn frănsĭs`kō), city (1990 pop. 723,959), coextensive with San Francisco co., W Calif., on the tip of a peninsula between the Pacific Ocean and San Francisco Bay, which are connected by the strait known as the Golden , are co-authors of Security Transformation. KPMG LLP LLP - Lower Layer Protocol is the U.S. member firm of KPMG International and can be reached at www.us.kpmg.com. The views and opinions are those of the authors and do not necessarily represent those of KPMG LLP. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion