Security Blunders at Large U.S. Companies Could Easily Have Been Avoided: Security Expert
Recent privacy and security blunders committed by U.S. firms such as Bank of America and ChoicePoint were not only avoidable, but could have boosted the companies’ stock price instead of harming their integrity and credibility.
Toronto, (PRWEB) March 9, 2005 --
Informatica (www.InformationSecurityCanada.com) president Claudiu Popa said: “We’re not trying to say these firms are worse than others. Hundreds of companies are making the same mistake every day and I advise executives against it as often as I can. What’s special in the case of these two firms is the critical issue of the weakest link. Whenever you don’t have a watertight security strategy and a complete set of enforced policies, you will always come across an exploitable weak link. In many cases, that link will be exploited for months or even years if it ever even gets detected.”
Two common weak links for companies are:
- the disparity between the security applied at the network perimeter and the security applied inside it, and
- the security applied to backup records.
“These two issues are the product of complacency and an inability to see the big picture of security,” said Popa. “In most cases, these firms actually do regular penetration testing and network security audits, but it certainly won’t help them detect and mitigate the risks and threats that recently toppled Bank of America and ChoicePoint. That comes with experience and it’s a high price to pay when you’re the victim.”
Claudiu Popa’s company is Informatica Security, a Toronto-based consulting and training organization that provides complete information security products and services. “There are some simple things that these companies needed to do to avoid this public debacle,” said Popa.
Conducting process audits and application security assessments is one of them. This needs to be policy driven and will always result in finding the weak link, even as you cross over the boundary from the outside to the inside. “You’re no longer looking at the problem in terms of network security. It is a process, an application, a procedure that takes place at a higher level and the bad guys were the first to find and exploit the loophole. That’s what makes it so damaging and embarrassing.”
In the second case, matching corporate policies with data classification procedures will always eliminate the weakest link. Most companies handle the protection of sensitive information adequately while it’s located on servers, but when it comes to protecting backup sets, they fall short. “Backups are one of the biggest areas of risk for all companies today. Whether you are a microcompany or a multinational enterprise, at least part of your operations can be precisely duplicated by using stolen backup tapes. That threat is compounded by the fact that most companies place very little importance on the security of those backup tapes.”
Claudiu Popa recommends that backup data be encrypted to make it useless to unauthorized parties, and that the process of transferring these tapes be secured and verified regularly. “Why should you trust a stranger who comes to transport your tapes to a remote location? Are your Service Level Agreements in place to protect you in case you lose all the data in your company? Have you audited your offsite backup service provider? Most companies have the wrong answer to these questions and the longer they wait to improve the situation, the higher the risk of an undetected security breach that can translate into legal liability, breach of regulatory compliance, loss of business and public embarrassment.”
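The two controls recommended above, encrypting the backup set so a stolen tape is useless without the key, and verifying the tape after transport, can be shown in a few dozen lines. The following is an added example written for this page; it is not code from Informatica or from the release. It assumes a single 256-bit key held outside the tape (in practice a key vault or HSM), AES-256-GCM for authenticated encryption, a tape label authenticated as associated data, and a SHA-256 manifest shipped separately so the receiving site can check integrity without holding the decryption key. The payload and label are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// BackupSet is what would be written to tape: the sealed payload plus a
// manifest that the receiving site checks before accepting the tape.
type BackupSet struct {
	Nonce      []byte
	Ciphertext []byte // AES-GCM output: encrypted payload + authentication tag
	Manifest   string // hex SHA-256 of Nonce||Ciphertext, shipped separately
}

// NewBackupKey returns a random 256-bit key. In practice the key lives in
// a key vault or HSM, never on the tape it protects (assumption for this example).
func NewBackupKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// SealBackup encrypts plaintext under key with AES-256-GCM and records a
// manifest hash so transport integrity can be checked without the key.
func SealBackup(key, plaintext []byte, label string) (*BackupSet, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The label (e.g. tape ID and date) is authenticated as associated data:
	// a ciphertext moved onto a differently labelled tape will not decrypt.
	ct := gcm.Seal(nil, nonce, plaintext, []byte(label))
	return &BackupSet{Nonce: nonce, Ciphertext: ct, Manifest: manifestOf(nonce, ct)}, nil
}

// manifestOf hashes nonce and ciphertext; it needs no key, so the offsite
// provider can run the check without ever being able to read the data.
func manifestOf(nonce, ct []byte) string {
	h := sha256.New()
	h.Write(nonce)
	h.Write(ct)
	return hex.EncodeToString(h.Sum(nil))
}

// VerifyManifest is the regular check the text recommends: run it when the
// tape arrives offsite and on each audit, with no decryption key needed.
func VerifyManifest(set *BackupSet) bool {
	return manifestOf(set.Nonce, set.Ciphertext) == set.Manifest
}

// OpenBackup decrypts and authenticates; any bit flip in the tape contents,
// a wrong key, or a mismatched label yields an error rather than corrupt data.
func OpenBackup(key []byte, set *BackupSet, label string) ([]byte, error) {
	if !VerifyManifest(set) {
		return nil, errors.New("manifest mismatch: tape altered or mislabelled in transit")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, set.Nonce, set.Ciphertext, []byte(label))
}

func main() {
	key, _ := NewBackupKey()
	// Constructed sample payload standing in for a customer-records dump.
	payload := []byte("acct=1001,name=Sample Customer,id=000-00-0000\n")
	label := "TAPE-0001/2005-03-09" // constructed tape label
	set, err := SealBackup(key, payload, label)
	if err != nil {
		panic(err)
	}
	fmt.Println("manifest:", set.Manifest, "verified:", VerifyManifest(set))

	// Simulate a tape altered in transit: one byte flipped in the ciphertext.
	tampered := *set
	tampered.Ciphertext = append([]byte(nil), set.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01
	_, err = OpenBackup(key, &tampered, label)
	fmt.Println("tampered tape rejected:", err != nil)

	out, _ := OpenBackup(key, set, label)
	fmt.Println("round trip ok:", bytes.Equal(out, payload))
}
```

The manifest answers the “verified regularly” point: the courier and the offsite provider can both confirm the tape is intact without being trusted with the key, and a failed check on arrival is an incident to investigate rather than a surprise months later. The authenticated label stops a tape from being silently swapped for another set.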
Informatica Corporation (www.InformationSecurityCanada.com) provides advanced security consulting to companies that care about protecting information assets. The company offers detailed third-party and service provider audits, application security assessments, data encryption hardware for backups and software for secure communications.
Claudiu Popa is a certified information security expert and trusted advisor to businesses small and large. He publishes a monthly email newsletter - The PULSE - designed to inform, entertain and bring awareness to technical and non-technical audiences alike. Subscribe for FREE at www.InformationSecurityCanada.com
-30-