Information Security: Where We’ve Been and Where We Need to Go

##AUTHORSPLIT##<--->

Patrick HinojosaInformation security management consists of identifying an organization’s electronic informational assets, as well as the planning and programs that must be carried out to ensure its continued availability, confidentiality and integrity. Whether the organization is a commercial enterprise, governmental agency or educational institution, these goals are the same. What differs is the type of assets and to what degree they are critical to the continued operation of the entity.

The Threat Situation

Fulfilling these requirements used to mean having a unique logon and password for employees to control access to the system. As use of the Internet began to grow, organizations started to deploy firewalls at the perimeter to keep hackers from gaining access to the systems within. Most thought that we had handled the situation. Then the rise of the computer virus forced the development and deployment of anti-virus software onto workstations in order to protect the integrity of the data and the availability of systems themselves.

Today, the situation is not so simple. The current threats are entering from the Internet through our firewalls and landing directly onto PCson the network. These threats include e-mail worms, remote access Trojans, spyware, adware, network worms, blended threats, as well as multistage, incremental infections using all of the above.

Any machine that has direct or indirect access to the outside world is at risk, and puts all assets connected to the network in danger. Automated attacks can and do spread across the Internet faster than traditional reactive technology can be updated - this includes conventional anti-virus and IDS (intrusion detection system) solutions.

Laws have been enacted mandating that certain levels of confidentiality, accessibility and integrity of data be maintained. Whether it is the privacy of medical records, student records, personal financial data or simply e-mail archiving, there are laws covering it. The penalty for noncompliance can be fines and/or lawsuits.

Proactive Technologies

However, the threat situation d'es not appear to be getting any better. In fact, it is actually worsening due to the addition of criminal elements that are now hiring technical experts to develop new attack methods on a for-profit basis.

Top 10 Viruses of 2004

So what do we do? Up until now, security has been reactive - providing protection against the known threats. If a new threat appears, it then develops a new defense. This is clearly no longer workable. The common viewpoint of security vendors that “some systems must die so that others may be protected” is outdated. This is the methodology of signature-based defense in which some systems had to get infected before the threat could be found. Well, if those were your systems, it was no fun being a guinea pig.

Proactive technologies that can protect against new, unknown threats without human intervention must be deployed to ensure the integrity of IT systems. This must fit into existing security budgets and must not increase the workload in already overstretched IT departments.

In the case of information security, a dollar of prevention is worth a thousand dollars of IT man-hours.

Featured

  •  laptop on a clean desk with digital padlock icon on the screen

    Data Privacy a Top Concern as Orgs Scale Up AI Agents

    As organizations race to integrate AI agents into their cloud operations and workflows, they face a crucial reality: while enthusiasm is high, major adoption barriers remain, according to a new Cloudera report. Chief among them is the challenge of safeguarding sensitive data.

  • chart with ascending bars and two silhouetted figures observing it, set against a light background with blue and purple tones

    Report: Enterprises Are Embracing Agentic AI

    According to a new report from SnapLogic, 50% of enterprises are already deploying AI agents, and another 32% plan to do so within the next 12 months..

  • stacks of glowing digital documents with circuit patterns and data streams

    Mistral AI Intros Advanced AI-Powered OCR

    French AI startup Mistral AI has announced Mistral OCR, an advanced optical character recognition (OCR) API designed to convert printed and scanned documents into digital files with "unprecedented accuracy."

  • student using a tablet with math symbols dissolving into a glowing AI

    Survey: Students Say AI Use Can Reduce Math Anxiety

    In a recent survey, 56% of high school students said that the use of artificial intelligence can go a long way toward reducing math anxiety.