Friday, June 14, 2013

I Like My Security System to be Like My Cake: Multi-layered

I'll tell you right now there is no system out there that is 100% secured from being hacked. "Black hat" hackers usually try a number of attacks until they find a vulnerability in the system, then they exploit it. Security professionals have to counter all the various attacks by building up a security system that is multi-layered.

It pays to be able to think like the so-called "black hat" hacker. In fact, security professionals should consider themselves hackers and learn as much as possible from the hacking community with an open mind. How else are you going to know what the bad guys are up to and be prepared to counter their attacks?

The layered approach is fitting for most modern information security threats. Training staff on general security concepts such as social engineering, phishing, vishing, shoulder surfing, dumpster diving, and common email and online hoaxes should be the first layer of your organization's information security. Well-written policies, standards, guidelines, and procedures are another layer. Using the most up-to-date technology for encrypting confidential information is yet another layer. There are many more layers, such as testing and applying updates regularly, having a security baseline, intrusion detection, system hardening, etc. The list of layers can go on endlessly.

Even though there are no guarantees that an information system will be 100% secured, we can make it nearly impossible for it to be compromised.

