- Not Anymore, Continued
- Known Vulnerabilities and Known Exploits
- Targeted Threats
- Critical Systems and Threats
- Regulatory Issues
- A Word About the Long Term: IPv6
- The Organizational Security Posture
- What Parts of Constant Vigilance Should I Outsource?
- What to Keep
- Who to Seek
- You Have Just Charted a Course: Let's Set Sail
You Have Just Charted a Course: Let's Set Sail
In Part 1, "Charting A Course," I spelled out the six global (and universal) security keys to success that cross all borders:
You need to design a clear policyor global security strategythat is embraced by the global organization by listening to and working with business owners, who are ultimately responsible for the amount of risk they do or do not mitigate.
Understanding that a security base tied to the concept of ROSI as it relates to what components are base-worthy or best executed independently can prove potent to your organization as threats increase in magnitude and intensity. Although base-relevant ROSI varies from maximum to minimum, understanding and applying my Rule of 3 will help you determine what kind of a return any one of the components I discussed could be realized within your organization. By using this rule of three, you can also drive greater adoption of security services throughout the organization.
Business systems enhancement (finance, HR, CRM, supply chain) presupposes that the deployment of security can and will deliver money savings and time/productivity efficiencies. Similarly, functional process enablement (operations, networks, call centers, development) posits that security, if prudently applied, can drive profitability and prove the worth of a strategy.
Developing radar that effectively integrates monitoring into the flow of corporate vital signs when reported in business terms to the business owners can ensure that a strategy deployed remains strong, successful, and legal.
Constant vigilance, that step you take to deputize key people within your organization to stay current on the changes to technology, threats, countermeasures, regulations that will at once vest them with a sense of responsibility and accountability when it comes to security, will ultimately prepare your organization and keep it in a potent security posture.
Now that we have addressed some universal truths in global corporate security, it is time to set sail and begin visiting local security environments in Europe, the Middle East, and Africa (EMEA), the Americas, and the Asia Pacific regions. Here we step off our boat and walk the streets that might already comprise your map, examining local rules, regulations, customs, best practices, and conventions. I do so in Part 2, "Reality, Illusion, and the Souk," with an eye toward helping you succeed in countries beyond your own.
1. Definition of "exploit," n.d., searchsecurity.techtarget.com/sDefinition.
2. Matt Hicks, "SCO, Microsoft Prepare for MyDoom Battle," 30 January 2004, http://www.eweek.com/article2.
4. Steven J. Vaughan-Nichols, "SCO's MyDoom DDoS Hammering Begins," 1 February 2004. http://www.eweek.com/article2.
5. Dennis Fisher, "Microsoft Unfazed by MyDoom's DDoS Attack," 3 February 2004, http://www.eweek.com/article2.