Who should work with law enforcement and with the


...es might be pushed out to all clients of a firm (the more users, the “smarter” the system can potentially become—again we see the power of network effects in action).

Lock down partners. Insist partner firms are compliant, and audit them to ensure this is the case. This includes technology providers and contract firms, as well as value chain participants such as suppliers and distributors. Anyone who touches your network is a potential point of weakness. Many firms will build security expectations and commitments into performance guarantees known as service level agreements (SLAs).

Lock down systems. Audit for SQL injection and other application exploits. The security team must constantly scan for new exploits and then probe its own systems to see if they are susceptible, advising and enforcing action if problems are uncovered. This kind of auditing should occur with all of a firm’s partners. Access controls can also compartmentalize data access on a need-to-know basis. Such tools not only enforce access privileges, they can help create and monitor audit trails that verify systems are not being accessed by unauthorized parties, or in suspicious ways. Audit trails are used for deterring, identifying, and investigating these cases. Recording, monitoring, and auditing access allows firms to hunt for patterns of abuse. Logs can detail who, when, and from where assets are accessed. Giveaways of nefarious activity may include access from unfamiliar IP addresses, access at nonstandard times, accesses that occur at higher than usual volumes, and so on. Automated alerts can put an account on hold or call in a response team for further observation of the anomaly.
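The audit-trail review just described can be made concrete. The following is an added example, not code from the textbook: it runs the three "giveaways" the chapter names (unfamiliar source IP, nonstandard time, higher than usual volume) over a handful of constructed access-log lines and maps the result to the two responses the text mentions, holding the account or calling in a response team. The log lines, the per-account baseline of known IP addresses, the business-hours window and the volume threshold are all constructed assumptions for illustration.

```python
"""Audit-trail review over constructed access-log lines.

Added example (not from the textbook). Flags the three giveaways the chapter
names and returns an action per account. Every log line, the baseline of
known IPs and the thresholds below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log: ISO timestamp, user, source IP, asset accessed.
SAMPLE_LOG = """\
2014-01-30T09:12:04 alice 10.0.4.17 /payroll/report
2014-01-30T09:40:51 alice 10.0.4.17 /payroll/report
2014-01-30T10:05:13 bob 10.0.4.22 /crm/accounts
2014-01-30T02:17:33 bob 203.0.113.45 /crm/accounts
2014-01-30T02:18:01 bob 203.0.113.45 /crm/export
2014-01-30T02:18:09 bob 203.0.113.45 /crm/export
2014-01-30T02:18:20 bob 203.0.113.45 /crm/export
2014-01-30T02:18:31 bob 203.0.113.45 /crm/export
2014-01-30T02:18:44 bob 203.0.113.45 /crm/export
2014-01-30T14:22:10 carol 10.0.4.31 /hr/records
"""

# Constructed baseline: the source addresses each account normally uses.
KNOWN_IPS = {
    "alice": {"10.0.4.17"},
    "bob": {"10.0.4.22"},
    "carol": {"10.0.4.31"},
}

BUSINESS_HOURS = range(8, 19)   # 08:00-18:59 counts as a normal time (assumption)
VOLUME_THRESHOLD = 4            # more than this many accesses per hour is unusual (assumption)


def parse_line(line):
    """Split one log line into its four fields; the timestamp becomes a datetime."""
    ts, user, ip, asset = line.split()
    return {"time": datetime.fromisoformat(ts), "user": user, "ip": ip, "asset": asset}


def find_anomalies(log_text, known_ips=KNOWN_IPS):
    """Return {user: sorted list of reasons} for every account that tripped a rule."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    reasons = defaultdict(set)
    per_hour = defaultdict(int)
    for e in events:
        u = e["user"]
        # Giveaway 1: access from an address this account has not used before.
        if e["ip"] not in known_ips.get(u, set()):
            reasons[u].add(f"unfamiliar IP {e['ip']}")
        # Giveaway 2: access outside the normal working window.
        if e["time"].hour not in BUSINESS_HOURS:
            reasons[u].add(f"access at nonstandard hour {e['time']:%H}:00")
        # Count accesses per (user, clock hour) for the volume check.
        per_hour[(u, e["time"].replace(minute=0, second=0))] += 1
    # Giveaway 3: more accesses in one hour than the account normally produces.
    for (u, hour), n in per_hour.items():
        if n > VOLUME_THRESHOLD:
            reasons[u].add(f"{n} accesses in hour starting {hour:%H:%M} (threshold {VOLUME_THRESHOLD})")
    return {u: sorted(r) for u, r in reasons.items()}


def decide_action(reasons):
    """Map the number of independent giveaways to the chapter's two responses."""
    if len(reasons) >= 2:
        return "hold account and page response team"
    if reasons:
        return "flag for observation"
    return "no action"


def review(log_text):
    """Run the rules and attach an action to each flagged account."""
    return {u: (decide_action(r), r) for u, r in find_anomalies(log_text).items()}


if __name__ == "__main__":
    for user, (action, reasons) in review(SAMPLE_LOG).items():
        print(f"{user}: {action}")
        for r in reasons:
            print(f"    - {r}")
```

On the constructed log, only `bob` is flagged: a burst of six accesses from an address outside his baseline at two in the morning trips all three rules, so the account is held. A single rule firing on its own is only flagged for observation, which keeps one late-night login from a known address from locking a legitimate user out.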
Single-sign-on tools can help firms offer employees one very strong password that works across applications, is changed frequently (or managed via hardware cards or mobile phone log-in), and can be altered by password management staff. Multiple administrators should jointly control key systems. Major configuration changes might require approval of multiple staffers, as well as the automatic notification of concerned personnel. And firms should employ a recovery mechanism to regain control in the event that key administrators are incapacitated or uncooperative. This balances security needs with an ability to respond in the event of a crisis. Such a system was not in place in the earlier described case of the rogue IT staffer who held the city of San Francisco’s networks hostage by refusing to give up vital passwords.

Have failure and recovery plans. While firms work to prevent infiltration attempts, they should also have provisions in place that plan for the worst. If a compromise has taken place, what needs to be done? Do stolen assets need to be devalued (e.g., accounts terminated, new accounts issued)? What should be done to notify customers and partners, educate them, and advise them through any necessary responses? Who should work with law enforcement and with the media? Do off-site backups or redundant systems need to be activated? Can systems be reliably restored without risking further damage? Best practices are beginning to emerge. While postevent triage is beyond the scope of our introduction, the good news is that firms are now sharing data on breaches. Given the potential negative consequences of a breach, organizations once rarely admitted they’d been...
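The joint-control arrangement the chapter recommends (multiple administrators, approval by more than one staffer, automatic notification, and a recovery path when administrators are unavailable or uncooperative) can be sketched as a small workflow. This is an added example, not code from the textbook: the administrator roster, the notification list, the quorum size and the recovery custodians are constructed assumptions.

```python
"""Dual control for major configuration changes.

Added example (not from the textbook). A change to a key system needs approval
from a quorum of distinct administrators other than the requester, concerned
parties are notified automatically, and a separately held recovery
authorization lets the firm regain control if the usual administrators cannot
or will not act. All names and sizes below are constructed for illustration.
"""
from dataclasses import dataclass, field

ADMINS = {"ana", "ben", "chen"}             # constructed administrator roster
NOTIFY = ["security-ops", "change-board"]   # constructed notification list
RECOVERY_HOLDERS = {"cio", "counsel"}        # constructed recovery custodians


@dataclass
class ChangeRequest:
    description: str
    requester: str
    quorum: int = 2                      # distinct approvals required (assumption)
    approvals: set = field(default_factory=set)
    notifications: list = field(default_factory=list)
    applied: bool = False

    def approve(self, admin):
        """Record one administrator's approval; returns the approval count so far."""
        if admin not in ADMINS:
            raise PermissionError(f"{admin} is not an administrator")
        if admin == self.requester:
            raise PermissionError("requester cannot approve their own change")
        self.approvals.add(admin)        # a set, so one admin cannot approve twice
        self.notifications.append(f"{admin} approved: {self.description}")
        return len(self.approvals)

    def ready(self):
        return len(self.approvals) >= self.quorum

    def apply(self):
        """Apply only once the quorum is met, then notify every concerned party."""
        if not self.ready():
            raise PermissionError(
                f"need {self.quorum} distinct approvals, have {len(self.approvals)}")
        self.applied = True
        for party in NOTIFY:
            self.notifications.append(f"notify {party}: applied {self.description}")
        return True


def recovery_override(request, holders):
    """Regain control when administrators are incapacitated or uncooperative.

    Every recovery holder must act together, and the override is written to the
    same notification trail so it is never silent.
    """
    if set(holders) != RECOVERY_HOLDERS:
        raise PermissionError("recovery requires every recovery holder to act")
    request.applied = True
    request.notifications.append(
        f"RECOVERY OVERRIDE by {sorted(holders)}: {request.description}")
    return True


if __name__ == "__main__":
    cr = ChangeRequest("rotate core router admin credential", requester="ana")
    cr.approve("ben")
    cr.approve("chen")
    cr.apply()
    for n in cr.notifications:
        print(n)
```

The two checks that matter are that the requester is excluded from the approval count and that approvals are collected in a set, so a single administrator cannot reach the quorum alone. The recovery path deliberately requires all custodians rather than a quorum, and it logs itself, so regaining control from a locked-out or hostile administrator leaves a record rather than a quiet back door.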

This document was uploaded on 01/31/2014.
