Access "Enterprises must treat Insider risk as they do external threats"
This article is part of the November 2009 issue of How to implement a change management that works and reduces security risks
If your enterprise is drawing a figurative line down the middle of its network and divvying up security differently between insiders and outsiders, then honestly, you're so six years ago. Get with it. Outsiders are on the inside today. Customers, business partners, suppliers, contractors, and anyone else who tunnels in through your network or walks through your company's front door and has authorized access to systems or data is an insider -- or is it an outsider? Either way, it doesn't really matter, the old paradigm is gone. Get over it. "Where the attack comes from is irrelevant," says blogger and senior vice president of strategy at eIQ Networks, Mike Rothman. "This idea of segmenting security defenses seems to be a marketing scheme and a very 2003 way to look at security. I always recommend to people that there is no insider. Everybody needs to be treated as an outsider. The old truism of trust-but-verify is absolutely critical." The firewall used to be the great divide between insiders and outsiders, but third-party access over the Web has not only ... Access >>>
Premium Content for Free.
Messaging security risks have upper hand on solutions
Spam, phishing and infected attachments continue to plague messaging platforms, despite sophisticated protection. What's the answer?
Enterprises must treat Insider risk as they do external threats
Enterprises can no longer differentiate between insiders and external threats. That's such a 2003 paradigm.
- Messaging security risks have upper hand on solutions
Metasploit Project acquisition ups ante for penetration testing market
Rapid7's acquisition of the Metasploit Project takes down one of the few remaining open source security projects. But expect a smooth transition; there have been many success stories and mistakes made to learn from.
Integrated change management reduces security risks
by Diana Kelley and Ed Moyle
Unmanaged changes to IT systems and networks can recklessly increase risk to enterprises. The key is rolling out an accepted change management process, and sticking to it.
- Metasploit Project acquisition ups ante for penetration testing market
Time is now for pandemic flu planning
Safeguarding your organization against a H1N1 outbreak should be a top priority.
Schneier-Ranum Face-Off: Is antivirus dead?
Security experts Bruce Schneier and Marcus Ranum debate the longterm viability of antivirus software.
Standards compliance does not equal sound information security risk management
The checklist approach to security is easy, but the result is poor security.
- Time is now for pandemic flu planning
More Premium Content Accessible For Free
Secure file transfer: Send large files fast, but keep your system safe
FTP gets big files to colleagues and clients fast, but as the headlines remind us, the threat of electronic break-ins is real. This guide to secure ...
Is your mobile security strategy combating the wrong enemy?
As tablets and smartphones become more integrated into business environments, CISOs are scrambling to put effective countermeasures in place. But too...
What's the best focus for MDM strategy now?
This Technical Guide examines the necessary elements of, and how to implement, a sound mobile device management strategy. Devices will be lost...