An information security blueprint, part 2

Symantec's Francis deSouza on the practicals of holistic information security in today's organization

By Francis deSouza, Senior Vice President, Enterprise Security Group, Symantec Corp.

May 12, 2010, CSO

A look back at recent data breaches, including the Hydraq attacks, exposes an alarming trend that only a handful of security experts anticipated. As predicted by some as early as 2005, Internet attackers are no longer driven by fame but by fortune and are using increasingly sophisticated techniques. These attacks do not just hunt for confidential information such as credit card or Social Security numbers; they can target specific employees at multinational companies and government agencies whom the attackers know to have access to design documents, source code and other forms of intellectual property and classified information.

As discussed in part one of this two-part Information Security Blueprint series, threats are likely to become even more complex and effective over time, so organizations should work to reduce their vulnerability by implementing a security blueprint that is comprehensive, proactive, enforceable and manageable. Among the most important components is a strategy that addresses the four most common security weaknesses today's cyber attackers target: poorly enforced IT policies, poorly protected information, poorly managed systems and poorly protected infrastructure.

Enforcing IT Policies
Data breaches may be caused either by cybercriminals outside the company or by malicious or well-meaning insiders operating within the company. Virtually all data breaches, however, involve missing, broken, or unenforced IT policies. Whether cybercriminals and malicious insiders exploit them or well-meaning insiders follow them, inappropriate IT policies are a common factor in data breaches. By prioritizing risks and defining policies that span every location, customers can enforce those policies through built-in automation and workflow, so that they not only identify threats but also remediate incidents as they occur or anticipate them before they happen.


Cybercriminals rely on two factors as they consider target organizations from which to extract information. The first is that from an information security perspective, most companies are hard on the outside but soft on the inside. Malicious attackers look for companies that do not have appropriate IT policies either developed or enforced around who should have access to what infrastructure or what information. What that means is that once the criminals are inside the safety of the corporate network, they have free rein across that network to figure out what valuable data exists and where it is located.

The second factor upon which cybercriminals rely is "data spillage": information moves, without the organization knowing it, from its appropriately protected data storage container into another container that is inadequately protected. For example, a company might know that its employee records exist on the employee record database or that patient information is in a patient database, yet not know where else that information is stored. For many companies, data exists in multiple places, including file shares, laptops, test and development servers, USB drives, and other secondary locations. Unless this information is identified, it will remain vulnerable.
