Archive for the ‘security’ Category

Secure Your Data And Boost Your Career

Thursday, September 16th, 2010

Good IT Security Starts With Knowing What Needs A Lock

I guess I could have used a different title as well: “Make Your Data Unsecure and Sink Your Career”! Although IT Leaders spend much of their time worrying about making sure that their IT teams are working together to be successful, that pesky issue of data security keeps creeping into everything that we do. Maybe it’s time for you to make a plan…

What You Are Doing Wrong Right Now

One of the keys to having a successful IT Leader career is to not get caught up in some big data breach incident – it’s hard for an IT career to recover from something like that. Even fancy new IT trends like cloud computing won’t save the day – it just means all of your valuable stuff is in one place for the hackers to attack.

Right now too many IT Leaders’ approach to securing their company’s data is to realize that they’ve got a bunch of valuable data sitting on a bunch of servers inside of some data center. Their approach is to install guards (firewalls) and to limit how people can gain access to the data (intrusion detection systems). Although this is a necessary step, it’s not nearly enough.

The Right Way To Do Data Security

So if we know what the wrong (or at least incomplete) way to do data security is, what should IT Leaders be doing? Simply put, you need a new security strategy.

The goal is pretty straightforward. You should be able to protect both your structured and unstructured data no matter where it is: being used by both employees and customers, stored on a network file system, or as it’s in flight over the network.

What we’re really talking about is doing away with the old idea of an IT information security program and instead replacing it with an enterprise risk management program.

What Are The Right Questions To Ask?

Michael Davis is a security consultant who has taken a look at this issue and he believes that there are four questions that need to be asked by the person who owns each piece of corporate data:

  • Where is the data?
  • What exactly is the data?
  • Who has access to the data?
  • Why do they need to have access to it?

Taking the time to ask, answer, and remember what the answer was to these questions is the key to developing a sound corporate data security program.

Who Should Be In Charge?

The final question that you need an answer to is just exactly who should have the ultimate responsibility for the security of your data? Interestingly enough, the answer does not lie in IT.

Instead, the experts recommend that a non-technical business-side owner be selected and vested with the power to make all decisions regarding the data in question. By doing it this way, you can ensure that the business value of the data being secured will be part of any decision regarding how to secure it.

What All Of This Means For You

IT Leaders walk a fine line: they need to complete their IT projects as quickly as possible and yet at the same time they need to take the time to make sure that corporate data remains secure. The old ways of doing this are no longer enough.

IT security programs are morphing to become part of a larger enterprise risk management program. Assigning a non-IT person to be responsible for making decisions about a given type of corporate data is the first step. The next step is to make sure that the right questions are being asked.

You can never completely guard against a hacker breaking in and attacking your data. However, smart IT Leaders know that with the right responsible parties and by asking the right questions, it is possible to do a good job of securing the data that needs to be secured.

- Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Management Skills™

Question For You: What part of the company do you think that the owner of corporate data should come from?

Click here to get automatic updates when The Accidental IT Leader Blog is updated.

What We’ll Be Talking About Next Time

If IT was a game show and you were a contestant on it, right now it sure seems as though you could correctly answer any question that you were asked by replying “cloud computing”. That’s because cloud computing, basically outsourcing parts of your next IT project’s IT infrastructure and applications, sure seems like a great idea. However, early reports back from the front lines by other IT Leaders are starting to paint a different picture…

Just Whose Job Is Network Security Anyway?

Thursday, July 15th, 2010

Who's In Charge Of Making Your Network A Safe Place?

IT Leaders hope to be able to do their work in a secure environment – the last thing that any of us want to have to worry about is dealing with an attack on our servers or network from bad guys. However, have you ever stopped to wonder just whose job it is to keep everything secure?

How Goes The Battle?

Everyone in IT knows that there is a constant struggle going on between the good guys and the bad guys. The larger the company that you work for, the more often you’ll be attacked. This means that you need to be playing your role in helping the rest of the company constantly reevaluate its security policies.

If you need some good news, here it is: most companies are getting better at dealing with the IT monsters that we now recognize – worms, viruses, and others. The bad news is that the threats continue to evolve and mutate. The bad guys just keep getting smarter.

Who’s The Target?

Should you even be worrying about this? I mean, look, you’ve got enough on your plate already – do you really have to deal with this? The folks over at CIO Insight did a survey a while back and found out that 50% of companies that are big (revenue of over $1B) have said that their web sites and corporate data have been targeted by the bad guys.

What Should Your Role Be?

This is where things start to get tricky. For you see, everyone in IT really has a role to play in keeping the company’s IT assets secure. How an IT Leader goes about doing this can have a big impact on both their career as well as how secure the company is.

All too often, a company exists in react mode. We’ve all seen how this plays out. An attack from the outside will be detected and then as many IT staffers as can be roped in are thrown into the mix in order to take the servers that are being attacked offline, make sure that all of the needed patches have been applied to the other servers, and then keep an eye out on the rest of the network in order to detect any unusual goings-on.

As IT Leaders we need to realize that this is exactly the wrong way to go about doing these things. What is needed is more of an automated approach to keeping the company’s servers, web sites, and network secure. The right way to do this is to establish standard procedures as well as a consistent set of company policies that get implemented in order to make sure that all of your security updates are in place. This is the key to stopping the “we’re under attack” madness.

What All Of This Means For You

Although your firm may have an IT team dedicated to network security, it is still the responsibility of every IT Leader to lend a hand in helping to keep the bad guys out.

Just exactly how to go about doing this is different at every company. In the worst case, it can mean lending a hand when an attack on the firm’s IT resources is detected. However, the smart IT Leaders deal with the problem before it shows up and create automated ways to keep IT resources secure.

Security is a part of every IT Leader’s life. Make sure that you spend the time helping to secure the company’s assets before things get bad and then you’ll be able to sleep better at night…!

- Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Management Skills™

Question For You: Who do you think should have the final say on securing the company’s IT assets?

What We’ll Be Talking About Next Time

Quiz: what’s the best way to get your IT Leader career on the fast track to success? Answer: find yourself a good mentor. If you can find such a mentor, then you might think that you’ve got it made in the shade, so to speak. Umm, maybe not. If that mentoring relationship goes bad, your career just might be in trouble…

Smooth Cyber-Criminals: What’s An IT Leader To Do?

Thursday, June 24th, 2010

Cyber Crime Is On The Rise, Who You Gonna Call?

If you were a bank manager and all of a sudden one day armed and masked criminals walked in through the bank’s front door and demanded money, what would you do? I can think of a whole bunch of possible options, many of them suggested by countless action movies. The key point here is that you sure wouldn’t just sit there and do nothing. So why, as cyber criminals target your company’s IT infrastructure, are you just sitting there today?

What’s Missing?

Hey, you’re just an IT Leader, right? You spend your days trying to get a team of IT professionals to work together to accomplish great things for the company; who’s got time to worry about cyber criminals coming in from the outside? Well guess what, just like preventing forest fires, stopping cyber crime is everyone’s job.

In most IT departments and the companies that they are part of, what’s missing is a company-wide strategy for dealing with the twin issues of system security and regulatory compliance. One of the key reasons that we seem to do such a poor job of this is simply because nobody’s really been trained on what the best way to identify and classify risk is.

If you think about it, the threats come from a wide variety of different sources: smart international cyber criminals, angry ex-employees, and everyday user mistakes and gullibility.

The Bad Guys Just Keep Getting Badder

Every IT Leader needs to always be on the alert for things that just don’t seem right. It can be as simple as your team members’ laptops not behaving the way that they are supposed to or you receiving suspicious phishing phone calls.

The experts who study the ways of modern cyber criminals are telling us that the bad guys have recently really started to take it up a notch. They are evolving from the cyber equivalent of petty street crime to mob-like activities.

What’s going on now is that cyber criminals are taking over control of large numbers of PCs (creating what’s called a “botnet”) and then remotely commanding them to take synchronized actions that can do things like take down web sites. They take advantage of major news stories such as earthquakes and convince people to download software that then infects their computer.

What’s An IT Leader To Do?

Great, so the world is evolving and becoming a more dangerous place for IT Leaders to work and play. This naturally leads to the interesting question: what should you be doing about it?

As an IT Leader, you have a single way of making your company more secure: managing your IT team. You need to be doing the following three things: making sure that your team is constantly being trained and educated about the latest threats, restricting the types of applications and corporate data that each member of your team has access to, and finally making sure that when an employee leaves for whatever reason, you firmly lock all of the system doors after them.

What All Of This Means For You

IT Leaders already have a full plate of things to do. However, it turns out that the forces of cyber darkness continue to grow and become more dangerous to companies. This means that everyone has a role to play in keeping the company safe from outside threats.

As an IT Leader you have a responsibility to make sure that your team is part of the solution, not the problem. This means that you need to work with your team to boost their awareness of cyber threats and make sure that they don’t get tempted to harm the company.

By doing your part to secure the company against cyber criminals, you’ll be freeing your team from potential distractions and outages and in the end, you’re going to be making everyone more successful.

- Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Management Skills™

Question For You: What do you think the #1 cyber crime threat is to a modern company?

What We’ll Be Talking About Next Time

There probably isn’t a problem out there that couldn’t be solved by adding some IT to it. In fact, once you had done that, you could probably make that solution even better by adding more IT to it. At what point is too much IT considered to be too much of a good thing? IT Leaders need to be able to realize when enough is enough…