02.13.07
Information Security Management Still On Top Of The List
By Dan Morrill
Top projects of 2007: according to the AICPA, most of them are security projects, and the number one project is going to be getting a handle on all the information that is generated by people, systems, and procedures, and then making sense of all of it.
Information Security Management: A systematic approach to encompassing people, processes and IT systems that safeguards critical systems and information, protecting them from internal and external threats.
Incorporates the preservation of confidentiality (information is not available or disclosed to unauthorized individuals, entities, or processes), integrity (safeguarding the accuracy and completeness of key data) and availability (systems and data are accessible and usable upon demand by an authorized entity) of information.
Other properties such as authenticity, accountability, non-repudiation and reliability may also be involved. Source: http://accounting.smartpros.com/x56515.xml
As you go through the article, they all sound like great projects to undertake and something that all companies should be planning on doing if they are not doing most of them already.
The interesting part is that for five years Information Security Management has been at the top of the list. Under the cave-in of data that systems generate, working through that data to get to the problem (if any) is still harder than it was five years ago.
Companies like High Tower, which makes enterprise security management systems, Intellitactics, and others all make products that deliver in this market.
And it is huge. It is a need (anyone who has gone through 120 gigabytes of IIS or Apache logs knows this for a fact), and it's still number one on the list of projects companies are most likely to do this year. Over the next couple of years, it is still probably going to remain at the top of the list.
Cost is a factor. Installation and the duplication of logs as they traverse the internal network are issues, as are the policies, plans, and procedures around these systems and finding competent people to run, maintain, and otherwise support them.
While the technology is needed across many domains and many business types, there is little training outside of hands-on experience, which is replete with mistakes, system downtime, and other issues because it is all trial by fire.
As these systems make inroads into small and medium-sized companies, though, they will be run by only a few people, and they will need to be audited just like any other system.
It's needed technology, but very expensive to implement: not just the cost of hardware and software, but also network overhead, training, management, and auditing, as well as process and procedure development around those systems. That is something to keep in mind when installing any Security Information Management System.
About the Author:
Dan Morrill has been in the information security field for 18 years, both
civilian and military, and is currently working on his Doctor of Management.
Dan shares his insights on the important security issues of today through
his blog, Managing
Intellectual Property & IT Security, and is an active participant in the
ITtoolbox blogging community.