Security for Today’s Businesses

By: John AhearnA Technology and Security Professional

Security is Holistic

Training and Education.Systems for Checking and Verifying.Controlling All Communications.

Data Secured in Layers with Clock.Information Needs to be Checked Out,

Checked Back In and Use Verified.Identity Systems Must Be Fail Safe.

What are the Threats?

1. Bots & Bot Herders: Inside your computers ready to be controlled by another.

2. Phishing: Staff and Confidential Vendors lured into a false sense of confidence.

3. Malware: Viruses and Spies causing damage and leaks.

4. Identity Theft: There are various ways to get the simple information used to

identify a person in our current systems.

5. Internal Weakness: Internal operations, staff and affiliates are the weakest links.

6. Advanced Criminals: Attack sophistication and schemes are growing.

7. Traditional Security Procedures: Basic methods from the Military and

Government are being under rated and not used in private business.

8. Total Compliance: All staff need to be participating and aware.

What Should We Be Doing?

1. Create programs sponsored by the organization’s leaders based on risk reduction and business continuity.

2. Secure the inside of your operations through granular data and staff control.

3. Monitor, review, investigate, respond and evolve your security operations.

4. “Check the checkers” and verify all the systems and operations with other reliable entities.

5. Biometrics and Secure Identification systems are the future.6. Build redundancy and fail safe entities into operations.7. Create professional and controlled opportunities to catch thieves.8. Document and define all systems you operate.9. Monitor and control all systems you must use.10. Start thinking in a new way.

What is the New Think?

1. Define what is normal and design your system from inclusion.2. Don’t fight the battle from defining only “what should not be

done.” Think about and define exactly “what is normal.”3. Actively look for abnormalities and weak links in all staff and

systems.4. Human Resources are vital in developing the people and policies

for your company. Actively evolve behavior and systems acceptance.

5. Executives must be involved and drive the process.6. No one should be able to get around your security programs in

order to avoid personal risk or responsibility.7. Define what your are protecting with classifications and time

frames.8. Encryption technology is currently sufficient but its use is not

standardized and the ends points are exposed.

SUMMARY• New virtualized environments and cloud computing will force the loss of legacy physical security methods.• Security evolves and does not happen overnight.• Security needs to be a layered set of checks & balances.• Security involves everyone in the organization.•Contractors and affiliates need to be an integral part of your program.•Security will soon drive the success of a business and give you the advantage over your competition.•Security systems will start to standardize and the government will have to take a more active role in standards.