Corporate Information Security: Is Our Information More Secure Since September 11th?

One might think that years after September 11th, 2001 there would be dramatic differences and improvements in the way businesses strive to protect their employees, assets, and data. However, changes have been more gradual than many had expected. A look at some of the trends that have been developing over the years since September 11th reveals signs of change for the better--although the need for more information security advancement is abundantly clear.

The morning of September 11th, 2001 started like any other for employees of the law firm Turner & Owen, located on the 21st floor of One Liberty Plaza directly across the street from the North World Trade Center Tower.  Then everyone heard a huge explosion and their building shook as if in an earthquake.  Debris rained from the sky.

Not knowing what was happening, they immediately left the building in an orderly fashion--thanks to systematic practice of evacuation drills--taking whatever files they could on the way out.  File cabinets and computer systems all had to be left behind.  In the disaster that ensued, One Liberty Plaza was wrecked and leaning with the top ten floors twisted--the offices of Turner & Owen were decimated. 

Although Turner & Owen IT staff made regular backup tapes of their computer systems, those tapes had been sent to a division of the company located in the South World Trade Center Tower and they were completely lost when the South Tower was destroyed.  Knowing they had to recover their case databases or likely go out of business, Frank Turner and Ed Owen risked their lives and crawled through the structurally-unstable One Liberty Plaza and retrieved two file servers with their most critical records.  With this information, the law firm of Owen & Turner was able to resume work less than two weeks later.

Many other companies were never able to recover the information lost in this disaster.

What Has Changed?

One might think that years after such a devastating loss of lives, property and information there would be dramatic differences and improvements in the way businesses strive to protect their employees, assets, and data.  However, changes have been more gradual than many had expected.  "Some organizations that should have received a wakeup call seemed to have ignored the message," says one information security professional who prefers to remain anonymous. 

A look at some of the trends that have been developing over the years since September 11th reveals signs of change for the better--although the need for more information security advancement is abundantly clear.

Federal Trends

The most noticeable changes in information security since September 11th, 2001 happened at the federal government level.  An assortment of Executive Orders, acts, strategies and new departments, divisions, and directorates has focused on protecting America’s infrastructure with a heavy emphasis on information protection.

Just one month after 9/11, President Bush signed Executive Order 13231 "Critical Infrastructure Protection in the Information Age" which established the President's Critical Infrastructure Protection Board (PCIPB).  In July 2002, President Bush released the National Strategy for Homeland Security that called for the creation of the Department of Homeland Security (DHS), which would lead initiatives to prevent, detect, and respond to attacks of chemical, biological, radiological, and nuclear (CBRN) weapons. The Homeland Security Act, signed into law in November 2002, made the DHS a reality.

In February 2003, Tom Ridge, Secretary of Homeland Security, released two strategies: "The National Strategy to Secure Cyberspace," which was designed to "engage and empower Americans to secure the portions of cyberspace that they own, operate, control, or with which they interact," and "The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets," which "outlines the guiding principles that will underpin our efforts to secure the infrastructures and assets vital to our national security, governance, public health and safety, economy and public confidence."

Additionally, under the Department of Homeland Security's Information Analysis and Infrastructure Protection (IAIP) Directorate, the Critical Infrastructure Assurance Office (CIAO) and the National Cyber Security Division (NCSD) were created. One of the top priorities of the NCSD was to create a consolidated Cyber Security Tracking, Analysis and Response Center, following through on a key recommendation of the National Strategy to Secure Cyberspace.

With all this activity in the federal government related to securing infrastructures, including key information systems, one might think there would be a noticeable impact on information security practices in the private sector. But response to the National Strategy to Secure Cyberspace in particular has been tepid, with criticisms centering on its lack of regulations, incentives, funding and enforcement. The sentiment among information security professionals seems to be that without strong information security laws and leadership at the federal level, practices to protect our nation's critical information, in the private sector at least, will not significantly change for the better.

Industry Trends

One trend that appears to be gaining ground in the private sector, though, is the increased emphasis on sharing security-related information with other companies and organizations while doing so anonymously. To do this, an organization can participate in one of a dozen or so industry-specific Information Sharing and Analysis Centers (ISACs). ISACs gather alerts and perform analyses and notification of both physical and cyber threats, vulnerabilities, and warnings. They alert the public and private sectors to security information necessary to protect critical information technology infrastructures, businesses, and individuals. ISAC members also have access to information and analysis relating to information provided by other members and obtained from other sources, such as the US Government, law enforcement agencies, technology providers and security associations, such as CERT.

Encouraged by President Clinton’s Presidential Decision Directive (PDD) 63 on critical infrastructure protection, ISACs first started forming a couple of years before 9/11; the Bush administration has continued to support the formation of ISACs to cooperate with the PCIPB and DHS.

ISACs exist for most major industries, including the IT-ISAC (https://www.it-isac.org/) for information technology, the FS-ISAC (http://www.fsisac.com) for financial institutions, and the World Wide ISAC (http://www.wwisac.com/) for all industries worldwide. The membership of ISACs has grown rapidly in the last couple of years as many organizations recognize that participation in an ISAC helps fulfill their due care obligations to protect critical information.

A major lesson learned from 9/11 is that business continuity and disaster recovery (BC/DR) plans need to be robust and tested often.  "Business continuity planning has gone from being a discretionary item that keeps auditors happy to something that boards of directors must seriously consider," said Richard Luongo, Director of PricewaterhouseCoopers' Global Risk Management Solutions, shortly after the attacks.  BC/DR has proven its return on investment and most organizations have focused great attention on ensuring that their business and information is recoverable in the event of a disaster.

There also has been a growing emphasis on risk management solutions and how they can be applied to ROI and budgeting requirements for businesses. More conference sessions, books, articles, and products on risk management exist than ever before. While some of the growth in this area can be attributed to legislation like HIPAA, GLBA, Sarbanes-Oxley, Basel II, etc., 9/11 did a lot to make people start thinking about threats and vulnerabilities as components of risk and what must be done to manage that risk.

Technology Trends

Most companies realized the need to monitor their networks 24x7 prior to 9/11, but afterwards it became a top priority if such a capability wasn't already in place. More and more companies are implementing intrusion detection systems (IDS), including network intrusion detection systems (NIDS) and host intrusion detection systems (HIDS). According to a 2003 Global Security Survey by Deloitte Touche Tohmatsu, 85 percent of respondents have deployed intrusion detection systems. Since these systems can entail large expenses for equipment and software purchases, consulting fees and staff time, some companies are turning to managed security service providers (MSSPs) to manage their network monitoring. Some MSSPs also offer their clients advance notice of threats that the MSSP may have identified while monitoring other networks.

Largely due to rampaging worms and viruses such as Slammer, patch management, change management and configuration management technology solutions have been raised in precedence within corporate risk management initiatives.  A slew of applications and tools exist to address the needs of patch, change, and configuration management, but the challenge is to find the right combination of tools that will do the job in any given environment.

Information security staffs don't have time to sift through the growing multitude of threat warnings and vulnerability alerts that crop up for all possible platform combinations every day.  So another information security technology trend that has developed is intelligent threat analysis--a service that provides threat and vulnerability alerts customized to a client's specific environment.

What Still Needs to Change

The information security changes in government, industry, and technology are notable, but where do we still need to improve in these areas?

If our government is serious about protecting critical information it will have to pass some sensible laws, contend information security experts.  "Make companies liable for insecurities, and you'll be surprised how quickly things get more secure," says Bruce Schneier, Founder and CTO of Counterpane Internet Security, Inc.

Information security managers need to do a better job of conveying how a company needs to protect its information to their CEOs and boards of directors.  Siebel Systems CIO Mark Sunday says that although corporate boards are more aware of security issues than ever, they still don’t fully understand them--and most boards don't like to fund things they don’t understand.  "As aware as CEOs and boards have become of security issues, spending in that area hasn't gone up in proportion and certainly not to the levels people expected," Sunday said.

Advanced information security technology exists that isn’t widely known or used by the mainstream.  "Our technology is too signature-based," says Jim Reavis, editor of CSOinformer and information security industry analyst.  "We’re only prepared to fight the last battle.  We need to get more predictive.  We need to use more behavioral technology."

Conclusion

In a survey conducted jointly by the Internet Security Alliance (ISAlliance), the National Association of Manufacturers (NAM) and RedSiren Technologies Inc. one year after September 11th, 2001, 40 percent of respondents reported that information security was considered more important than prior to September 11th.  Yet almost one-third said their companies were still not adequately equipped to deal with an attack on their computer networks.  The survey concluded that "many organizations need to revise how security risks, threats and costs are identified, measured and managed."

Is our information more secure two years after September 11th?  Unfortunately, not by a lot.  While some trends since 9/11 demonstrate progress in the field of information protection, opportunities for better information security practices clearly remain.

ABOUT THE AUTHOR

Marc R. Menninger is a Certified Information Systems Security Professional (CISSP) and has been active in the security industry for more than 10 years.  Marc has been a speaker at numerous conferences and seminars, has written several Cisco white papers and contributed to a published study guide for Cisco certification.  He has also written articles for the ISSA Journal, a publication of the Information Systems Security Association.  He is the founder and site administrator for the Open CSO Project (http://forum.OpenCSOProject.org/), a knowledge base for security professionals.


 
