|
Page 2 of 4
-
Avoid the temptation to ‘adjust’ your risk appetite.
In tough economic times, business managers tend to be more inclined to accept risks. Security leaders need to stand fast; this is in fact the worst possible time to take chances because your organization is much more at risk in times like these.
The threat of insider fraud and security breaches grows as economic times get harder. The prospect of losing their job or the pressure to perform and compensate for the lean workforce is reason enough for some employees to cut corners to meet targets or to take revenge on companies they feel have treated them badly.
-
Embrace Web 2.0 while guarding privacy and confidentiality.
It's important for information security professionals to ensure that Web 2.0 tools are made available to knowledge workers, along with controls to ensure that sensitive corporate or private information is protected.
The first crucial step is to develop a policy and educate and train the users. Additionally, data loss prevention (DLP) tools, Web crawlers, and other filters can be used to prevent sensitive information from being disclosed through these mechanisms.
-
Separate fact from fiction around virtualization.
Fueled by all the press around the dreaded Blue Pill, there's a common misconception that virtualization makes your environment insecure.
The fact is, virtualization does introduce new components that must be secured, and this will add some complexity to your existing infrastructure as you ensure the security of the virtualization kernel and console.
Virtual networks will also add a layer of complexity that you will need to manage. But in most cases, these additional requirements shouldn't add much overhead to your existing operations staff, because many of the relevant processes are part of your security policies.
Like any new technology, poor implementation, ill-defined processes, or misconfiguration may create some vulnerability. But in the case of virtualization, the main risks would not be loss of security, but rather access to the virtualized environment, poor patch compliance, poor network architecture, and overall quality of service.
l Page 1 l Page 3 l Page 4 l
|