Nsauditor Network Security Auditor - Advanced All-In-One Network Tools Suite!

Network Security News

The 5 biggest IT security mistakes

July 25 2011

Like cleaning the windows, IT security can be a thankless task because people only notice when you don't do it. But to get the job done in the era of virtualization, smartphones and cloud computing, you've got to avoid technical and political mistakes. In particular, here are five security mistakes to avoid:

1. Thinking that the business mindset of the organization is the same as five years ago.

It's not. Your power and influence are being whittled away as the organization you work for flings open the doors to employees using personal mobile devices at work, and pushes traditional computing resources and applications into the cloud -- sometimes without your knowledge. You have to be proactive in applying reasonable security practices to fast-moving technology choices that are sometimes made by those outside the IT department altogether. It's a "mission-impossible" assignment, but it's yours. It may involve developing new policy guidance to clearly spell out risk factors so there are no false assumptions.


2. Failing to build working relationships with IT and upper-level managers.

IT security divisions are typically small in relation to the rest of the IT department. IT security leans on IT staffers to get basic security jobs done. The security professional may have specialized knowledge and a pocketful of certifications like the CISSP, but that doesn't mean he or she is necessarily admired or liked because of that -- especially as security people are usually the ones saying "no" to other people's projects.

Moreover, don't think the power structure is always pointing toward the chief information officer as top decision maker. A fundamental shift is occurring in which the traditional role of the CIO as commander of IT projects is declining, while the chief financial officer increasingly has the final say on IT projects. Some evidence shows the CFO doesn't even like the IT department. The CFO's ideas about security may only go as far as the general legal idea of "compliance." The job for the security professional must be to communicate, communicate, communicate.

3. Not understanding that virtualization has pulled the rug out from under everyone's security footing.

Organizations are well on their way to achieving 80% virtualization of their server infrastructure, and desktop virtualization projects are increasing. But security is lagging, with many incorrectly assuming it begins and ends with VLANs. The reality is that virtualization architectures change everything by opening new pathways that can be exploited. As has happened so many times before in the IT industry, groundbreaking technologies have become available for use with inadequate attention paid to the security impact.

Some traditional security products, such as anti-virus software, often don't work well in virtual machines. Physical appliances may have new "blind spots." Today, specialized security products for virtualized environments are finally coming to market -- and security professionals need to figure out if any of them should be used, while also keeping up with evolving security plans from vendors such as VMware, Microsoft and Citrix. Virtualization holds tremendous promise in eventually improving security, especially disaster recovery.

4. Not preparing for a data breach.

It's the nightmare scenario in which sensitive data is either stolen or accidentally leaked. In addition to technical detection and remediation, the law needs to be followed regarding data breaches. But which laws? Almost every state now has its own data-breach laws and some federal rules, such as the HITECH Act, impact some industries, like healthcare. When it happens, a data breach is going to be an event -- and an expensive one at that -- that requires coordinated participation by the IT security manager, the IT department, the legal department, human resources and the public affairs divisions, if not more. Organizations should be meeting to plan for worst-case scenarios, conducting a data-breach drill internally.

5. Complacency with IT security vendors.

It's necessary to have solid "partnerships" with IT and security vendors. But the danger in any vendor relationship is forgetting how to look at products and services with a critical eye, particularly in terms of sizing up what they have in relation to their competition or finding new approaches to basic problems of authentication and authorization, vulnerability assessment and malware protection. Many vendors are struggling to adapt traditional security controls to the realms of virtualization and cloud computing. In some sense, it's a time of chaos as the IT industry undergoes a reinvention. But that only means that IT security is going to have to push harder to get what it believes the organization needs now or in the future.
