[ISN] Florida taps Symantec for security tools

From: InfoSec News (isnat_private)
Date: Mon Apr 14 2003 - 01:02:04 PDT

  • Next message: InfoSec News: "[ISN] Security a bright spot for IT spending"

    http://www.fcw.com/geb/articles/2003/0407/web-fla-04-11-03.asp
    
    By Dibya Sarkar 
    April 11, 2003 
    
    Already quite proactive in cybersecurity, Florida's state government 
    is using two Symantec Corp. software tools to beef up its enterprise 
    network security, according to company officials.
    
    NetRecon is a vulnerability assessment tool, which Tom Resau, 
    Symantec's public sector spokesman, described as a "hacker in a box" 
    that scans, analyzes, and reports security holes in the network. 
    
    The second tool is the Enterprise Security Manager (ESM), which is 
    essentially a policy compliance tool that constantly assesses a 
    network's performance based on the organization's security policies, 
    he said.
    
    Brian Finan, the company's strategic programs and homeland security 
    director, said Symantec's recently released Internet security threat 
    report showed that about 2,524 new information technology product 
    vulnerabilities were discovered in 2002, about 81.5 percent higher 
    than in 2001.
    
    He also said the ESM tool would ensure that an organization's policies 
    --such as how often passwords are changed or the length of passwords 
    -- are followed. It provides a baseline for every system and then 
    automates repetitive operations to ensure those policies are being 
    enforced. He said both tools are generally used in tandem to give a 
    government or other organization a high-level security view.
    
    "Given our large network environment supporting agencies across the 
    state, holding systems to policy is crucial for preventing weaknesses 
    that could result in compromised systems during a network attack," 
    said state Chief Information Officer Kimberly Bahrami in a statement.
    
    The state is also using a Symantec application module that allows 
    agencies to automate and centralize security policy management and 
    assessments in accordance with the Health Insurance Portability and 
    Accountability Act, a federal law that ensures the privacy and 
    security of individuals' electronic health information.
    
    Security companies, said Finan, need to provide more education and 
    training awareness about increasing threats and vulnerabilities. 
    Cutbacks in funding resources, he said, impact an organization's 
    ability to shore up security even if it has cybersecurity policies. 
    Combining products or ones with greater capabilities can reduce costs, 
    he said.
    
    Florida began working on its cybersecurity problem in 1999, and then 
    created the Office of Information Security, a unit of the state 
    technology office, two years later. The state takes a proactive 
    statewide approach to security, including using another third-party 
    vendor to handle statewide security audits. The model does not allow 
    any agency to be exempt and includes possible reprimands for 
    noncompliance.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Apr 14 2003 - 03:28:11 PDT