[ISN] Security means keeping the system up

From: InfoSec News (isnat_private)
Date: Fri Sep 05 2003 - 00:05:59 PDT


    http://www.fcw.com/fcw/articles/2003/0901/web-irmco-09-04-03.asp
    
    By Sara Michael 
    Sept. 4, 2003 
    
    When it comes to technological security, officials should shift their 
    focus from guarding with the latest features to ensuring that critical 
    processes keep running in the face of attacks, an expert said this 
    week.
    
    "We've spent a lot of effort in building interconnected systems, but 
    not a lot of effort in how to secure those systems and ensure 
    continuance of critical operations," said Tim Shimeall of Carnegie 
    Mellon University's CERT Analysis Center.
    
    Shimeall spoke Wednesday at the Interagency Resources Management 
    Conference 2003 in Cambridge, Md.
    
    Security officials previously focused on how to protect one machine or 
    a single system, Shimeall said. But as networks expand, boundaries 
    blur and more agencies are using interoperable and connected systems. 
    
    "As we involve more and more organizations, we step back from this 
    centralized control," Shimeall said. "We need to consider that our 
    network isn't limited. The network we care about is more than the 
    network we own."
    
    Information technology personnel should stop viewing networks purely 
    as centrally-managed, independent entities, Shimeall said. The growth 
    of the Internet has led to complex connections, which can make systems 
    vulnerable, he said. 
    
    Attacks on government networks can have far-reaching effects on the 
    public, such as exposing private information, and e-government 
    initiatives are relying more and more on the Internet, Shimeall said. 
    As a result, building a security wall to protect networks isn't good 
    enough anymore, since hackers will go around it, Shimeall said. 
    Instead, agencies need to identify what operations matter to an 
    organization and determine how they can maintain these processes even 
    during an ongoing attack. 
    
    "The number one thing you can do is first shift your thinking," 
    Shimeall said. "Number two is ask the right questions and listen to 
    the answers."
    
    
    
    
    


