The document discusses security for today's businesses. It outlines that security must be holistic, involving training, systems for checking and verifying access, and controlling communications. The main threats are listed as bots, phishing, malware, identity theft, internal weaknesses, advanced criminals, and lack of traditional security procedures. The document recommends that businesses create risk-reduction programs led by executives, secure internal operations through data and staff control, monitor security operations, and use biometrics and redundancy. It advises defining what is normal and looking for abnormalities, getting executive involvement, classifying protected information, and using encryption, though not always standardized.
Ahearn Security Presentation
Security for Today's Businesses
By: John Ahearn:: A Technology and Security Professional:: john.james.ahearn@gmail.com
Security is Holistic
1. Training and Education.
2. Systems for Checking and Verifying.
3. Controlling All Communications.
4. Data Secured in Layers with Clock.
5. Information needs to be Checked Out, Checked Back In and Use Verified.
6. Identity Systems Must Be Fail Safe.
What are the Threats?
1. Bots & Bot Herders: Inside your computers ready to be controlled by another.
2. Phishing: Staff and Confidential Vendors lured into a false sense of confidence.
3. Malware: Viruses and Spies causing damage and leaks.
4. Identity Theft: There are various ways to get the simple information used to identify a person in our current systems.
5. Internal Weakness: Internal operations, staff and affiliates are the weakest links.
6. Advanced Criminals: Attack sophistication and schemes are growing.
7. Traditional Security Procedures: Basic methods from the Military and Government are being underrated and not used in private business.
8. Total Compliance: All staff need to be participating and aware.
What Should We Be Doing?
1. Create programs sponsored by the organization's leaders based on risk reduction and business continuity.
2. Secure the inside of your operations through granular data and staff control.
3. Monitor, review, investigate, respond and evolve your security operations.
4. Check the checkers and verify all the systems and operations with other reliable entities.
5. Biometrics and Secure Identification systems are the future.
6. Build redundancy and fail safe entities into operations.
7. Create professional and controlled opportunities to catch thieves.
8. Document and define all systems you operate.
9. Monitor and control all systems you must use.
10. Start thinking in a new way.
What is the New Think?
1. Define what is normal and design your system from inclusion.
2. Don't fight the battle by defining only what should not be done. Think about and define exactly what is normal.
3. Actively look for abnormalities and weak links in all staff and systems.
4. Human Resources are vital in developing the people and policies for your company. Actively evolve behavior and systems acceptance.
5. Executives must be involved and drive the process.
6. No one should be able to get around your security programs in order to avoid personal risk or responsibility.
7. Define what you are protecting with classifications and time frames.
8. Encryption technology is currently sufficient, but its use is not standardized and the endpoints are exposed.
SUMMARY
New virtualized environments and cloud computing will force the loss of legacy physical security methods.
Security evolves and does not happen overnight.
Security needs to be a layered set of checks & balances.
Security involves everyone in the organization.
Contractors and affiliates need to be an integral part of your program.
Security will soon drive the success of a business and give you the advantage over your competition.
Security systems will start to standardize and the government will have to take a more active role in standards.