Finally, CyberSecurity is getting the importance it warrants, and by none other than the President of the United States, Barack Obama. The new administration announced on May 29th the launch of a major CyberSpace Security Project, headed by a top-level office to better protect information networks and critical infrastructure.

“From now on, our digital infrastructure — the networks and computers we depend on every day — will be treated as they should be: as a strategic national asset. Protecting this infrastructure will be a national security priority.” President Barack Obama

Hopefully, Obama’s enthusiastic drive for change will help alter overly complacent attitudes toward security. Amazingly, such attitudes are prevalent not only among the general public, but even at top government offices, as seen in the article Does the State Dept. Ignore Security? (Datamation.com). The article describes the frequency of incidents in which State Department employees access celebrities’ personal information out of curiosity. Moreover, an audit conducted at the State Department’s Office of the Inspector General (OIG) discovered “many control weaknesses – including a general lack of policies, procedures, guidance, and training” relating to information security.

The Obama administration’s Cyberspace Policy Review cites substantial damages caused by security hazards:

• Failure of critical infrastructures. CIA reports malicious activities against information technology systems have caused the disruption of electric power capabilities in multiple regions overseas, including a case that resulted in a multi-city power outage.

• Exploiting global financial services. In November 2008, the compromised payment processors of an international bank permitted fraudulent transactions at more than 130 automated teller machines in 49 cities within a 30-minute period, according to press reports. In another case reported by the media, a U.S. retailer in 2007 experienced data breaches and loss of personally identifiable information that compromised 45 million credit and debit cards.

• Systemic loss of U.S. economic value. Industry estimates of losses from intellectual property to data theft in 2008 range as high as $1 trillion.16

With such heavy tolls recognized, perhaps more conscientious approaches to information security will trickle down from government officials to private companies and IT managers.

Written by Shari Masafy, MarCom Manager at Raz-Lee Security
Email Shari Masafy at marketing@razlee.com

I’ve often wondered about what IT Managers – and their superiors – really need in the areas of security and compliance.

The importance of security is pretty obvious: A security breach, be it a hacking trick done by a teenage kid from across the globe or an embezzlement carried out by “an enemy from within“, can easily make the company’s stock value and “bottom line” take a huge nose dive. And don’t forget the personal damage to the manager’s career… That alone is enough to get you to make sure that systems are totally secure and that audit trails exist!

Also, as auditors become more and more powerful in their organization, demanding answers, figures and proof of everything that happens, IT Managers have no choice but to “supply the goods” and the means for these auditors to get their jobs done.

So here are my thoughts on the 5 “must-haves” for IT Managers these days:

1) Click Click – Single click access to a single page summary report, presenting, in a “top-down” manner, all exceptions to security policies on all systems in the environment. One example of such an interface is Raz-Lee’s iSecurity GUI.

2) Take it Easy – Easily enable system administrators, auditors- and managers!- to define, run and schedule compliance reports running over selected systems in their environment.

3) A Picture’s Worth a Thousand Words – Single screen graphical (i.e. business intelligence oriented) access to security-oriented data warehouse with on-line drill down capabilities to isolate and identify security breaches and related events. See iSecurity GUI Screens for an example of this.

4) Know Where you Stand – Single click assessment of how the site is complying with defined policies (either IBM’s, best practices or the site’s defined baseline policies).

5) Automate It – Automatic responses to potential security breaches and events which will enable identifying the intruder and accumulating court-acceptable evidence.

Raz-Lee’s iSecurity, an advanced System i Security product suite, addresses all 5 “Must Haves” .  Email marketing@razlee.com for a free consultation on the best security solution for you.

Written by Shmuel Zailer, CEO, Raz-Lee Security
Email Shmuel Zailer at marketing@razlee.com