
Friday, April 20, 2012

Where is your greatest threat?

As IT Security professionals, we spend a great deal of our time and effort (not to mention our budgets) looking for threats and performing actions to mitigate the damage that occurs. To quote The Sphinx from Mystery Men (1999), "Those who fail to plan, plan to fail." Corny but true. Damage will occur; if you can access a network, someone can as well. My time-honored analogy of the "only secure computer is an unplugged machine, encased in a solid block of Lucite, without any connection to the world - anything less than that is a compromise" still rings true.

Our focus tends to be the outside threat: probes, viruses, port scanning, hacking attempts, and the like. And reasonably so; these seem to get the most "bad press". But enough of us forget that the real threat comes from an uneducated pool of users on the other side of our firewalls. The last two weeks of NSI's Security NewsWatch have dealt extensively with internal threat assessments and re-educating the userbase. There is a short but good article at Computer Business Review's site on this. The article points out that over a quarter of all serious security incidents come from Senior Management, but shockingly 19% come from ourselves.


Sophos has also started a free education program to assist us in educating our users, and it also serves as a good refresher course for ourselves. A toolkit with videos, posters, emails, etc. can be found here.
