Programmers Quotes

Programmers' quotations about programming languages and IT

IT Security Trends Turn towards Risk Management

Thursday Jan 29, 2009


Tags IT Security

IT security trends seem to be turning away from the usual tactical, technical focus on IT operations towards so-called “risk management”. So, bring on the consultants! With information risk management increasingly shaping IT security work at many large organisations, Jonathon Penn, a security analyst at Forrester Research Inc, has singled out five trends in IT security that are bound to be on your chief IT security officer’s list for this year.

The first on that list will be GRC: IT governance, IT risk management and IT compliance (GRC) are to merge into a single discipline, with greater attention paid to metrics, staffing and optimal organisational structure.

IT security operations will be the next. As IT security technology becomes commoditized and embedded in IT infrastructure, security organisations are to split into two separate groups: strategy teams that will focus on business risk management issues, and operational teams that will oversee the technical aspects.

The third on his list is sure to be application security. Of course, applications are a prime target for attackers, especially as they deal with sensitive data. The ‘fix it when it happens’ attitude is giving way to security programs that span the whole lifecycle of the application, from the germ of an idea right through to operation.

The fourth is data-centric security. To many business partners it is the mammoth, and it can determine who gets to see and protect classified data. Of course, this requires very close communication between business leaders.

Lastly, but certainly not least, he may have digital investigations, e-discovery or forensics on his list. I’m with you when you think it’s a daunting and sometimes scary area to deal with, especially e-discovery, where organisations are constantly scratching their heads trying to find the best practices.


Why Will You Need Intrusion Detection Systems?

Thursday Jan 29, 2009


Tags IT Security

If you have a business network, you are most likely connected to the Internet. Malicious hackers keep coming up with clever ways to intrude into unprotected computer systems, and they may cause security breaches and havoc. Imagine having all your customer data stolen. That could create some serious problems for your business. You already have perimeter network security such as firewalls. But firewalls are limited in scope – they do not monitor real-time attempts to hack into your network and cannot spot trends in what may be suspicious network activity. So you need intrusion detection systems put in place in addition to those firewalls. These IDS can prevent such hacker attacks as DNS dead drop, SMTP hijacks, remote logins, injection attacks, macro insecurity, and OS vulnerabilities like DDoS (distributed denial of service).

You cannot possibly keep track of all the security exploits that are frequently being discovered by people across the world. That’s why you need a good IDS that keeps itself updated with all the latest security threats automatically. Granted, some initial configuration may be required, and that may involve some serious effort just to define the scope of the IDS in IT and network security. The IDS monitors the network for any suspiciously patterned or abnormal network activity. Anomalies such as open network ports or sudden growth in network usage from particular computers are usually noticed immediately by the IDS, and the administrator is alerted.
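The two anomalies named above (an unexpected open port, and sudden growth in one computer's network usage) can be checked as in the following added example, which is not part of the original post or any vendor's product. The host addresses, ports, byte counts, thresholds and the `detect` function are all constructed for illustration.

```python
from collections import defaultdict, deque
from statistics import median

# Constructed sample data: bytes sent per minute by two hypothetical hosts.
WEB = [52_000, 48_500, 51_200, 49_800, 50_400, 50_900, 912_000, 51_000]
DB = [201_000, 188_000, 240_000, 195_000, 210_000, 250_000, 230_000, 205_000]
# Approved listening ports per host (constructed baseline).
BASELINE_PORTS = {"10.0.0.5": {22, 443}, "10.0.0.9": {22, 5432}}

SAMPLES = []  # (minute, host, bytes_sent, listening_ports)
for minute, (web, db) in enumerate(zip(WEB, DB)):
    SAMPLES.append((minute, "10.0.0.5", web, {22, 443}))
    # From minute 4 the second host also listens on an unapproved port.
    extra = {8081} if minute >= 4 else set()
    SAMPLES.append((minute, "10.0.0.9", db, {22, 5432} | extra))


def detect(samples, baseline_ports, window=5, k=6.0, floor=1000):
    """Return (minute, host, kind, detail) alerts for both anomaly types."""
    history = defaultdict(lambda: deque(maxlen=window))
    reported = set()
    alerts = []
    for minute, host, sent, ports in samples:
        # Anomaly 1: a listening port outside the host's approved baseline.
        for port in sorted(set(ports) - baseline_ports.get(host, set())):
            if (host, port) not in reported:
                reported.add((host, port))
                alerts.append((minute, host, "new_port", port))
        # Anomaly 2: traffic far above this host's own recent behaviour.
        past = history[host]
        if len(past) == window:
            med = median(past)
            # Median absolute deviation: a spread estimate that one outlier
            # cannot inflate; the floor avoids alerting on tiny jitter.
            mad = max(median(abs(x - med) for x in past), floor)
            if sent > med + k * mad:
                alerts.append((minute, host, "traffic_spike", sent))
                continue  # keep the spike out of the baseline
        past.append(sent)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLES, BASELINE_PORTS):
        print(alert)
```

Because each host is compared with its own recent history, the naturally noisy second host raises no traffic alert while the quiet first host's jump does.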

Try reading whitepapers on IDS and get in contact with IDS vendors like Juniper, Symantec (Intruder Alert), NetContinuum, and TopLayer.com.
