Archive for August, 2007

Security Perimeters Under Fire

The concept of a security perimeter is well-established within the world of information security. A security perimeter is a logical network boundary that surrounds and protects internal computing resources and devices. The advent of firewalls (as crude as the first ones were) in the early 1990s, followed by the emergence of the concept of a demilitarized zone (DMZ) shortly afterwards, paved the way for deploying security perimeters to protect networks against externally-initiated attacks. Cheswick and Bellovin’s now classic book, Firewalls and Internet Security: Repelling the Wily Hacker, served as both an impetus and a guidebook for creating security perimeters.


Where Does Business Continuity Fit in?

Business continuity is a process that is designed to reduce organizations’ business risk arising from unexpected disruption of critical functions/operations. Business continuity must enable a business to continue operations in case of a disruption and also ensure that any interruption to information systems that occurs does not cause an unacceptable level of damage. Business continuity is not the same as disaster recovery, the latter of which deals with catastrophes such as a heavily damaging fire in a building that houses an organization’s computing resources. Still, business continuity and disaster recovery have much in common to the point that they are widely (albeit somewhat incorrectly) viewed as the same function.


Winning Senior Management Support

Too many information security managers are fighting an uphill battle that they will never win. No matter how good their efforts to plan, implement and monitor projects designed to mitigate security-related risk are, they are unable to narrow the gap between actual and desired levels of risk. Why? Much too often the reason is lack of senior management support.

Senior management support is critical to success in information security, yet obtaining it is elusive. Senior management seems to be perpetually fighting an abundance of proverbial fires; information security-related risk is only one of many such fires that need attention. Additionally, resources are invariably limited; information security managers must compete with many other worthy functions for resources. Winning the attention of senior management is thus difficult, but winning the support of senior management is even more so.
