|
|
|
A Fresh Start for Family Finances in 2005
While 40% to 50% of us make New Year’s resolutions on January 1—a ritual that has existed since ancient times—approximately 60% to 80% of us have already broken them by the end of February, according to researchers. It’s still not too late,...
Career Paths For Comptia A+ Certified Technician
The world is your oyster. Where you decide to take your career after this is entirely up to you. There are some things to consider depending on your geographic location. If you happen to live in or near the larger populated cities, competition for...
Identity Theft: The road back
A couple of weeks ago, a friend of mine mentioned that one of his co-workers recently recovered his stolen identity. I asked how long the process took. "Only two years" he replied. Compared to the six year nightmare suffered by one of my business...
Secure Your Data - Windows Data Backup Computer Software
In nowadays computers have entered almost every imaginable domain in our lives - from our homes to space shuttles. As they hold more and more precious data - in material or merely sentimental way - securing that data is not only option, but a must....
Small Business Computer Security, the Basics
Anyone in business today realizes both the natural dependency on computers in the workplace, and also the potential dangers associated with storing important data on them. Today’s business owners are constantly being reminded that their...
|
|
| |
|
|
|
|
|
|
Data Security; Are your Assets Secure?
Is your data secure? Think again. Securing data is unlike any other corporate asset, and is likely the biggest challenge your company faces today. You may not see it, but almost all of your company's information is in digital form somewhere in the system. These assets are critical because they describe everything about you; your products, customers, strategies, finances, and your future. They might be in a database, protected by data-center security controls, but more often than not, these assets reside on desktops, laptops, home computers, and more importantly in email or on some form of mobile computing device. We have been counting on our firewall to provide protection, but it has been estimated that at least fifty percent of any given organization's information is in email, traveling through the insecure cyberspace of the Internet.
Digital Assets are Unique
Digital assets are unlike any other asset your company has. Their value exceeds just about any other asset your company owns. In their integral state they are worth everything to your company; however, with a few "tweaks" of the bits they are reduced to garbage. They fill volumes in your data center, yet can be stolen on a keychain or captured in the air. Unlike any other asset, they can be taken tonight, and you will still have them tomorrow. They are being created every day, yet they are almost impossible to dispose of, and you can erase them and they are still there. How can you be sure that your assets are really safe?
Understanding Physical Security Architectures
Physical assets have been secured for thousands of years, teaching us some important lessons. An effective security architecture uses three basic security control areas. Let's assume you want to create a secure home for your family; what would you do? Most of us started with the basics; doors, windows, locks, and perhaps a fence. Second, we rely on insurance, police protection, and we may have even purchased an attack dog or a personal firearm. Given these controls, you may have taken one more step to provide some type of alarm. Not trusting your ears to detect an intrusion, you might have installed door and window alarms, glass break sensors, or motion detection. You may have even joined the neighborhood watch program in your area. These are the controls everyone uses, and they are similar to the controls that have been used since the beginning of mankind.
Which is most important? Looking at the three categories of security controls used, the first consists of protective devices that keep people out; doors, windows, locks, and fences. Secondly, alarms notify us of a break-in. Finally we have a planned response control; the police, use of a firearm, or recovery through insurance. At first glance it may appear that the protective controls are the most important set of controls, but a closer look reveals that detection and response are actually more important. Consider your bank; every day the doors are open for business. This is true of just about every business, home, or transportation vehicle. Even the bank safe is generally open throughout the day. You can see it from the bank teller counter, but step over the line and you will find out how good their detection-response
plan is.
Evaluating your Company's Approach
Now look at your digital assets; how are they protected? If you are like most organizations, your entire security strategy is built on protection controls. Almost every organization in America today has a firewall, but does not have the ability to detect and respond to unauthorized users. Here is a simple test; run a Spyware removal program on your system and see what comes up. In almost every case you will find software installed on your system that was not installed by an authorized user. In the past this has been an irritation; in the future, this will become the program that links uninvited guests to your data. Bruce Schneier, a well known security author and expert writes in his book, Secrets and Lies, "Most attacks and vulnerabilities are the result of bypassing prevention mechanisms". Threats are changing. The biggest threats likely to invade your systems will bypass traditional security measures. Phishing, spyware, remote access Trojans (RATS), and other malicious code attacks are not prevented by your firewall. Given this reality, a detection response strategy is essential.
It's time to review your security strategy. Start by asking three questions. First, which assets are critical to your business, where are they located, and who has access to them? Second, what threats exist? Determine who would want your data, how they might gain access, and where the possible weaknesses in your security architecture lie. Finally, how comfortable are you with your company's ability to detect and respond to unauthorized access. If someone wants access to your data, preventative measures alone won't stop them.
Begin planning a balanced security architecture. Start by adding detection controls to your prevention architecture. This does not mean simply adding intrusion prevention software (IPS), but rather creating a system to proactively monitor activity. Intruders make noise, just like in the physical world, and with proper event management, combined with zero-day defense technologies of IPS, network administrators can begin to understand what normal activity looks like and what anomalies might be signs of an attack. In a recent interview with Scott Paly, President and CEO of Global Data Guard, a Managed Services Security Provider (MSSP), Scott said, "Threats such as worms and new hacker techniques constantly morph, so the most viable model for optimum security is a blend of preventive and predictive controls based on analysis of network behavior over time". By balancing prevention, detection, and response, companies can defeat most of the latest hacker attempts.
About the author:
David Stelzl, CISSP is the owner and founder of Stelzl Visionary Learning Concepts, Inc. providing keynotes, workshops, and professional coaching to technology resellers. David works with executive managers, sales people, and practice managers who are seeking to become market leaders in technology areas that include Information Security, Managed Services, Storage and Systems solutions, and Networking. Contact us at mailto:info@stelzl.us or visit http://www.stelzl.usto find out more.
|
|
|
|
|
| Data Recovery Software and Undelete from R-TT |
| Disk management software including utilities for data recovery, drive imaging, disk wiping and access control. |
| www.r-tt.com |
|
| Data Recovery | Email Data Recovery by Ontrack |
| Data recovery services, data recovery software, file repair software, and diagnostic software from Ontrack. Software for email recovery, file recovery and ... |
| www.ontrack.com |
|
| Data Recovery by DriveSavers | Hard Drive Data Recovery |
| Worldwide data recovery service for all operating systems and storage media. Authorized by all drive manufacturers. |
| www.drivesavers.com |
|
| Hard Drive Data Recovery Software Tools, Disk Recovery Utilities ... |
| Offers data recovery software,data recovery services for hard drive recovery and data safety software services for your computer. Buy award winning data ... |
| www.stellarinfo.com |
|
| Data Recovery by FADV – Hard Drive, RAID, Tape, Database and more ... |
| Offers data recovery services for all hard drive models. RAID, MS SQL, Exchange, Tapes, Camera and USB media, CD and DVD. Service available 24/7. |
| www.datarecovery.net |
|
| Data Recovery Software - File System Utilities |
| Data recovery software for all Windows file systems. Recover deleted files, corrupted hard drives, and partitions. |
| www.runtime.org |
|
| Professional Data Recovery Software from Bitmart. File Recovery ... |
| Data Recovery Software Restorer2000. Undelete & File Recovery utility for FAT and NTFS file systems. Data Recovery from damaged disks and partitions. |
| www.bitmart.net |
|
| Data Recovery Services - ActionFront - Critical Server Data Recovery |
| ISO certified data recovery services with labs in Atlanta, Santa Clara, Dallas, Chicago, Toronto (also Buffalo and Tokyo Japan) |
| www.actionfront.com |
|
| Hard Drive Data Recovery Software: Recover Deleted Files- Recover ... |
| Data recovery software for recovering files that have been deleted or lost due to the hard drive format, virus infection, unexpected system shutdown or ... |
| www.recovermyfiles.com |
|
| Data Recovery Group - Hard Drive Data Recovery Services |
| Data Recovery is Our Only Business! Data Recovery Group's a complete data recovery service that specializes in recovering data from hard disk drives. |
| www.datarecoverygroup.com |
|
| Data Recovery by CBL: Hard Drive Recovery Services |
| Worldwide Data Recovery Services at CBL. Specializing in data recovery, hard drive recovery, hard disk drive recovery and RAID data recovery. |
| www.cbltech.com |
|
| Data Recovery Software, File Repair Utilities, Hard Disk Recovery ... |
| Hard drive data recovery software to perform data recovery & recover deleted files from Novell, Linux, Unix, Mac, Windows & data recovery services for hard ... |
| www.nucleustechnologies.com |
|
| AT&DR: Data Recovery and Liabillity |
| Associated Technologies offers complete data recovery solutions with services for any type of data storage device, including the following: hard drives, ... |
| www.datarecovery.com |
|
| Ontrack UK - Data recovery services & recovery software - hard ... |
| Ontrack offers data recovery services & software for: hard drive recovery, file recovery, server recovery, email recovery, tape recovery, RAID recovery. |
| www.ontrack.co.uk |
|
| Beginners Guides: Hard Drive Data Recovery - PCSTATS.com |
| Beginners Guides: Hard Drive Data Recovery - PCSTATS.com. |
| www.pcstats.com |
|
| File Recovery and Data Recovery Software. Hard Drive recovery utility |
| Data recovery software for FAT, NTFS, Ext2FS file systems. File recovery after FDISK, MBR destruction, FAT damaged, virus infection. Dynamic disk support. |
| www.data-recovery-software.net |
|
| Data recovery - Wikipedia, the free encyclopedia |
| Data recovery is the process of salvaging data from damaged, failed, ... Although there is some confusion as to the term, data recovery can also be the ... |
| en.wikipedia.org |
|
| Active@ UNDELETE Data Recovery. Recover Deleted Files. Windows XP ... |
| Active@ UNDELETE - Data Recovery Software for all Windows File Systems. Recover deleted files from lost, damaged, formatted or reformatted partitions. |
| www.active-undelete.com |
|
| New Zealand Data Recovery & Computer Forensics Experts |
| New Zealand data recovery specialists & computer forensics investigation experts. Recovering lost data for businesses or legal evidence is all we do. |
| www.datarecovery.co.nz |
|
| Canada Data Recovery Services: Hard Disk Drive Recovery, Raid Data ... |
| Provides data recovery solutions for companies experiencing data loss from failed hard drives, raid arrays, and server systems. |
| www.datarecovery.ca |
|
|