- Not Anymore, Continued
- Known Vulnerabilities and Known Exploits
- Targeted Threats
- Critical Systems and Threats
- Regulatory Issues
- A Word About the Long Term: IPv6
- The Organizational Security Posture
- What Parts of Constant Vigilance Should I Outsource?
- What to Keep
- Who to Seek
- You Have Just Charted a Course: Let's Set Sail
The global environment necessitates an acute awareness of regulations in any country in which you do business. Just like your technology, you should map your organization's literal geography and all the geographic regulationscountries and locationsthat apply. If you are a Swiss company, you might not know the whole of German law. If you are headquartered in Brazil, you cannot be expected to have a working knowledge of Dubai regulations.
Regulations represent terrain on which your global security team, your technology team, and your legal department must have a strong and close working relationship. This team will expand as your business expands. That way, if you move into the United States, you can figure out that each state has its own regulation profile: California has more regulations, for example, and Oregon has fewer. Having a legal team in place on the ground or at home that has a strong working knowledge of the laws that apply to you both geographically and vertically is critical to any constant-vigilance plan.
The World Economic Forum's Little Black Book
At the 2002 World Economic Forum in Davos, Switzerland, HP wanted to introduce attendees to its latest palmtop device that was replete with Windows CE and a wireless card. The Forum outfitted these new beauties with all the attendee information and personalized codes for finding places to eat and, when loaded with your credit card number, you could use it to scan and purchase books.
That year's Forum was met with antiglobalization demonstrators who showed up in person and virtually. One of them war drove the conference and was able to hop onto the wireless network provided by the Forum's host. There was no security, and soon the demonstrator had the information of every attendee in his or her computer. This included the addresses, private cell phones, credit card numbers, and exclusive e-mail addresses of the world's power brokers, including the likes of Bill Gates, Al Gore, and a host of others. This experience quickly illustrates how constant vigilance can even be missed at the highest levels.
Note that war driving is illegal in some spots around the globe, and hackers can be cited in interesting ways. In the United States, a man was arrested because he tried to access a corporate WiFi net while standing in the company's parking lot. He was found guilty, because he did it from their propertyhad he sat across the street, there would have been no law with which to prosecute him. In most countries, there are still no laws covering this new technology, so each case is handled differently. Look for these laws to evolve quickly, matching the rise to prominence that wireless is making around the world. Understanding what rules are in place will help you lay out the distribution of your WiFi repeaters and help you plan your WiFi policies accordingly.