The News Just Gets Worse and Worse:
According to the US News & World Report (June 2009, pp.56-57), "The Pentagon recently faced a computer worm attack so severe that it forced an extreme security solution. Defense Department personnel were banned from using portable flash drives on military computer networks. In total, the Pentagon spent more than $100 million in the past six months responding to various cyber attacks, officials revealed earlier this month. One such attack, also believed to be the work of Chinese hackers, infected nearly 75 percent of the computers at the largest military base in Afghanistan."
But there is more. According to Fitzgerald and Dennis (2009, p. 369), "In recent years, organizations have become increasingly dependent on data communication networks for their daily business communications, database information retrieval, distributed data processing, and the internetworking of LANs. The rise of the Internet with opportunities to connect computers anywhere in the world has significantly increased the potential vulnerability of the organization's assets. Emphasis on network security also has increased as a result of well-publicized security break-ins and as government regulatory agencies have issued security-related pronouncements.
The losses associated with the security failures can be huge. An average annual loss of about $350,000 sounds large enough, but this is just the tip of the iceberg.
The potential loss of consumer confidence from a well-publicized security break-in can cost much more in lost business. More important than these, however, are the potential losses from the disruption of application systems that run on computer networks. As organizations have come to depend upon computer systems, computer networks have become "mission-critical." Bank of America, one of the largest banks in the United States, estimates that it would cost the bank $50 million if its computer networks were unavailable for 24 hours. Other large organizations have produced similar estimates.
Protecting customer privacy and the risk of identity theft also drives the need for increased network security. In 1998, the European Union passed strong data privacy laws that fined companies for disclosing information about their customers. In the United States, organizations have begun complying with the data protection requirements of the HIPAA, and a California law providing fines up to $250,000 for each unauthorized disclosure of customer information (e.g., if someone were to steal 100 customer records, the fine could be $25 million). As you might suspect, the value of the data stored on most organizations' networks and the value provided by the application systems in use far exceeds the cost of the networks themselves. For this reason, the primary goal of network security is to protect organizations' data and application software, not the networks themselves."1
The lesson learned is simple. Don't become a victim of "hackers"; instead, take the proactive steps necessary for your business interests today by retaining or hiring a Cyber-Guardian Security Certified Professional™.
1. Fitzgerald, J., & Dennis, A. (2009). Business Data Communications and Networking. Hoboken, NJ: John Wiley & Sons, Inc.
It's time to...
Every five years or so, the nightmare of every network manager, administrator and engineer comes to pass: "It's time to migrate the network." Like a ghost from the past, it arrives on your project management team's desk and everyone, it seems, starts heading for the exit.
The reality of the IT marketplace is that change is inevitable and continuous. The cascading effects of technology today may not only require security "patches," but they may also produce new security "holes" that now require a second new "patch" and at times it just seems endless.
There has to be an easier way to do this. How? Deploy the ITS3 Cyber-Guardians™ to suppress the attack upon your systems and technology.
When a business owner asks "Who or what can we deploy to defend us?"... How do you suppose they might answer?
Consider the diagram above directly from Webster's Dictionary Online. It clearly presents the concept of "Governance" better than any words we could possibly utilize. Yet, if you asked one person what "it" was and then another, ad infinitum, we strongly doubt any of them would have the same definition. Pronunciation: \ˈgə-vər-nən(t)s\; its function is a noun, and its most basic and simple meaning is "government." So when one speaks of the "Governance of IT", or the Governance of Enterprise IT as in the COBIT from ISACA, we can speak of it primarily as the "governing of many individual and discrete parts that combine to make up a whole."
In other words, today's IT Specialist needs to be far superior to those of twenty years ago, or even ten years ago, when you called the "tech" to change the printer ribbon on the dot-matrix printer or to fetch another ream of paper for the photo-copier. No, IT today has so many branches, pieces and parts that it requires someone very specially trained to "govern" it all and to "govern" it well. Our ITS3 Cyber-Guardian Professionals know what it means to be a specialist with all the composite background knowledge: holding not just IT vendor certifications but also college degrees, they demonstrate a higher quality of professionalism than someone who has mastered one or the other but not both disciplines. When you factor in our proprietary "peer-review" exam process, the Cyber-Guardian Security Certification™ training program just shines all the brighter.
The modern-day data center is at the very heart of the corporate enterprise. The costs of operation and maintenance are staggering and, as a percentage of net revenue, are a significant portion of the typical annual budget. At the center of each corporate data center stands the 24x7x365 sentinel who keeps the night-watch.
Protecting these systems externally is easy compared with protecting them from within. One can always build a new wall, install new cameras, or lock more doors, but one of the most overlooked faults in network cyber-security is the retention of personnel who don't have the real-world skills to be in the positions they are in. Corporate training budgets are tight and, in recent days, "non-existent" in some instances. Therefore hiring managers are always on the lookout for those who already hold and possess the correct skill mixes to be of value to them in the management and operations of these data depositories. Hire the wrong person and more damage can be done in just a few seconds than all the hackers of the world united could ever do!