Building a Blueprint for Network Security
December 29, 2003
By Paul Rubens
A Culture of Security
This points to the cultural aspect of security — too often users see security measures simply as impediments to their work, annoyances to be circumvented whenever possible. It’s only when a culture of security is instilled into an organization — so that every employee is aware of security measures and why they have been put in place — that security can be effective. “If you get employees involved, there is a far higher chance of succeeding in improving security, and getting employees to keep other employees in line,” Wilke says.
Outside consultants can certainly add value to a security exercise, but their greatest value comes only after it’s clearly understood what needs protecting and once all employees have been involved. “The types of attacks that companies are experiencing are changing constantly, and most companies can’t cope themselves, so it simply makes sense to get outside help,” says Mike Arnavutian, head of security strategy at BT Global Services.
“A security consultant like us can manage security for a company, removing risk and taking liability — and would charge on that basis.” It’s not only expertise that consultants can bring: security specialists can often offer considerable economies of scale. “If you look at the cost of monitoring and managing a system, it’s often cheaper for outside experts to do it for you,” he says.
Outside companies can also help by providing alternate facilities for use in a disaster, which may often be necessary from a risk management point of view, but which can also be prohibitively expensive to equip and have standing idle.
When is it safe to say “enough is enough,” and relax in the knowledge that the network is secure and all prudent measures have been put in place? Sadly, the answer is “never.”
Security is a process, not a task, and it needs to be reviewed critically and regularly. New threats appear all the time, and measures that are satisfactory one day may be woefully inadequate the next. The only way to be sure that you are doing enough is by understanding that when it comes to security, nothing is ever enough for long.