• United States



by Dave Gradijan

Flexible Three-Tiered Defense Recommended for IT Security

Aug 18, 20062 mins
CSO and CISOData and Information Security

Symantec CEO John Thompson recommended a more flexible and ambidextrous approach to IT security at a keynote speech at the Air Force Information Technology Conference at Auburn University's East Montgomery campus this week, reports.

His thoughts on a mixture of defense strategies would be applicable to federal IT security officials, as well as to private companies.

According to the article, Thompson illustrated how older models of information security only restricted data and hampered real-time use. And with the changing tactics of cybercriminals, security managers need to adopt a more flexible and combined approach.

Thompson's three-pronged approach included protecting information technology infrastructure, protecting the information itself and protecting the interactions among people using the information, reports.

The article states the first step in cyberdefense is to ensure systems will survive natural or man-made disasters by transferring data to backup systems in case of emergency. In addition, standardization and encryption of data and a common software infrastructure are crucial.

“After all, servers and laptops [computers] can be replaced; the information on them most likely cannot,” Thompson told the audience.

Second, according to Thompson, is controlling unstructured data, such as e-mail, instant messaging, PowerPoint and Word documents, and voice-over-IP conversations, which can be up to 80 percent to 90 percent of a company's data. Transactions and conversations should be monitored to combat suspicious or dangerous activity, reports.

Finally, Thompson said attention must be paid to identifying user identity to combat phishing, as well as securing wireless technology with certification and authentication techniques.

In the end, Thompson told his audience that an organization's cybersecurity is only as good as the people who manage and use it.

“People are just as important as technology and policies,” Thompson said, according to “In fact, with proper planning and training, employees can become your strongest line of defense.”

Compiled by Paul Kerstein