your business managers do not approve the purchase of a good firewall and intrusion protection system, or fail to enroll into hardware maintenance for an important server – the IT staff will not be able to do much in the event of a hacking, data loss or some other technical problem on that server.
Provide Proper Manpower
Reduced manpower and facilities in critical areas will inevitably, directly or indirectly, affect the business. It is worth highlighting that no matter how secure the technology is, people are still the key to real security. If employees do not see security as a top priority, then even the most secure system can easily be broken into. Even with robust technology, there is always a need for high-quality employees and for proper education in place between the business and its employees. After all, unprofessional or disaffected users all too often pass critical information like passwords, loopholes, codes, etc., to others. Secondly, your business managers must ensure that departments have the necessary manpower in all areas. It is very common in organizations to skimp on manpower when it comes to support, maintenance, etc., but demand the best from a slave-sized workforce. The common saying "Hire an Einstein, but refuse his request for a blackboard" describes a situation that is prevalent in many organizations worldwide.
Implement recommendations
Your business managers must listen to recommendations proposed by technical staff, support staff, etc., for implementing a proper hacker prevention environment. Establishing such a system is an expensive business. Not every critical IT function can be worked around with a low-cost alternative. It is a common practice in many organizations to ignore or avoid IT and non-IT recommendations by giving standard excuses, like cost, even though the organization is perfectly capable of affording them. If you are serious about intrusion prevention, then your senior management must support the necessary costs and budgets for implementing all sensible recommendations, industry standards and workarounds necessary for intrusion prevention.
Get involved
Senior management, including the CEO, must get involved in all aspects of their organization’s intrusion prevention processes. You must have a "Show me" or "Prove it to me" attitude to ensure your business is truly protected. Nowadays, for many organizations, having a proper cyber security system is a mandatory business and audit requirement. So it should not be taken lightly.
starterkit 02/2011(2)
Policies
Just like other essential policies in HR, finance, etc., a proper intrusion prevention policy must be enforced for all critical systems by the senior management. Secondly, all concerned employees must be properly trained to handle and report suspicious activities on their computer systems. Periodic audits must be conducted to ensure employees are following all policies and processes.
Sustained commitment
Cyber security is like insurance and costs money constantly. It is not enough to show interest and invest some money on a one-off basis. One of the primary roadblocks for cyber security is a lack of sustained top management commitment. For example, the top management may approve the establishment of a good cyber security system at a time when they are particularly influenced by business and competitive pressures. But later they may not be willing to invest the necessary ongoing budgets and manpower to keep the system fully operational at all times. This can result in their systems becoming outdated and vulnerable to attacks. So continuous commitment and expenditure are required to establish the latest proper cyber security standards.
In spite of all the precautions, it is still possible to get hacked. Nevertheless, with the above kinds of involvement by business managers, your organization can be assured of a highly secure cyber security system that can handle almost all types of hacking. Finally, we can end this article with a quote by David Brower, who says: "All technology should be assumed guilty until proven innocent."
THEJENDRA
Thejendra is an IT manager from India. He is also the author of Practical IT Service Management, Disaster Recovery & Business Continuity, God is No Angel, etc. Visit his web cave – www.thejendra.com for more details.
Page 43 http://pentestmag.com