Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

It's the Information, Stupid

Security pros won't succeed unless they broaden their focus from the infrastructure that houses information to the security of the information itself. BT Senior Security Consultant Jason Stradley explains how to get there.
Page:

Over the past several years there have been changes in the business environment, causing fundamental alterations in how security organizations operate to protect the enterprises for which they have responsibility.

An evolution in the nature, methods, and motivation behind the perpetration of security breaches [Timeline: 4 Years of Data Breaches] has had a profound impact on the importance of protecting data and information. This is a shift from the traditional approach of protecting the infrastructure on which the data resides.

The focus of this article is to identify ways that information in the enterprise can be inappropriately removed and a framework for how to mitigate these risks and protect your organization from the potential litigation, fines, and sheer embarrassment that can follow from such an event.

The unprecedented transformation in the nature and consequences of security breaches is causing a shift in the way security practitioners specifically and business leaders in general must think about the security of information within the enterprise.

The job of a security professional over the past few years has undergone a metamorphosis in response. This metamorphosis has taken the security practitioner from a completely interrupt-driven existence of a firefighter constantly on the alert for an attack, to more of a detective engaged in constant investigation to understand whether or not there has been significant data loss from a silent assailant, one whose biggest goal next to gaining that information is keeping anonymity intact.

Hackers in the early part of the decade were eager to show their skills by perpetrating blatant attacks such as the defacement of a website home page or by bringing a mail server to its knees through a constant bombardment of useless traffic, thereby preventing legitimate users from gaining access. Today hacking is governed by a whole new paradigm, that of profit. It's all about making money the old fashioned way -- by stealing it. Today hacking is a multi-billion dollar enterprise whose sole goal is to acquire any type of information that is believed to be of value to anyone who is willing to pay for it. Hackers today go out of their way to keep their existence a secret from their victims for as long as possible in order to farm the maximum amount of information before having to go to the expense of searching for and infiltrating another victim.

Given the reality of our changed world, we as security practitioners must change along with it. We must extend our focus from the security of the infrastructure that houses the information to the security of the information itself. The primary mission of the security practitioner must be reconsidered to be successful.

Page:

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: BT, DLP, etwork, IPS, LP
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: data breach, data protection, drm
Latest Blog Posts
Whitepapers
  • Securing Vital Infrastructure
    A unified approach to information security can help modern vital infrastructure providers deal with evolving IT threats without compromising on communications or the demands of an increasingly mobile workforce. Flexible policies, combined with quality inbound threat detection, deep content inspection and encryption capabilities can help organisations to mitigate the risks – not just from outside the organisation, but also within it. Read this whitepaper.
    Learn more »
  • Best Practices for Secure Enterprise Content Mobility
    To secure mobile devices while enabling employees to share data securely, organisations need a comprehensive and flexible solution for secure enterprise content mobility. A secure enterprise content mobility solution complements Mobile Device Management (MDM) solutions and enables mobile workers to easily share data with other authorised users, while ensuring that data is always secure and IT operations are always compliant. Read this whitepaper to learn: How the popularity of Bring Your Own Device (BYOD) is creating new security challenges; Why MDM is useful, but not sufficient; How enterprise content mobility provides an essential layer of security and control for organisations with mobile users.
    Learn more »
  • Seven Steps to Effective Data Governance
    Creating a framework to ensure the confidentiality, quality, and integrity of data – the core meaning of data governance – is essential to meet both internal and external requirements, such as financial reporting, regulatory compliance, and privacy policies. At its best, data governance roots out risk – both business and compliance risk – by increasing oversight. This white paper provides seven steps for taking such an approach, concluding with a real world example, taking an incremental approach using a repeatable framework that is a practical, proven strategy that any size organization can implement to suit their immediate and long-term needs and budget.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments