Fear of the Unknown-IT Security Level 1

Note: IT Security Concepts in plain English is recommended reading as a prelude to this chapter.

 

By human nature we are scared of ghosts, less because they may be ugly, more because we don’t exactly know what they are. Darkness induces fear in us as our subconscious mind fears the unknown that may creep out of the dark.

 

Let us not deny that all of us, knowledgeable people included, are scared of IT Security, not because we don’t trust it, but because it is largely unknown. Our fear makes us use Gmail and Yahoo as our official email ID, our fear prevents us from activating our online banking, our fear prevents us from hosting our applications on the cloud. These are all varying degrees of our unknown. However, we also know that the longer we avoid this automation, the further ahead of us our competition will be.

 

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
Sun Tzu’s Art of War


So it’s important to know both yourself and your enemies. Let me ask you a couple of questions so that you can judge how well you know yourself and your enemy.

 

  1. What is the exact count of the active employees in your organisation today?
  2. Do you know for certain that an employee who quit your organisation yesterday does not have access to any of your company systems?
  3. Can you prevent and control your employees from misusing confidential company information, such as customer information, contract information and accounts information?

 

These may be simple questions but are the primary building blocks to securing your information. If you have avoided these, no matter how many sophisticated firewalls you have deployed, your enemy lies within. This brings us to the first layer of security – The User Authentication Level.

 

You can do the following things to comply with this level:

Basic

  • Implement a Payroll System with employee directory, entry and retirement process. Integrated Biometric Authentication preferred.
  • Create an Active Directory in which employee records are enabled and disabled on intimation from the payroll system. Read a case study here.
  • Set user level access to company systems from the Active Directory.

Advanced

  • Use a Two-Factor Authentication System which will fortify access to critical information.
  • Implement Single Sign-On (SSO).

 

 

You can check the offerings from DS3.


Recommendation

If you already have an Active Directory in place, get it audited by an external auditor that can provide you with your industry benchmark compliance report. If you have an internal IT audit team in place, you can use some automated tools to perform periodic AD audits. Read more on Authentication from Internal Audit perspective here.
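
A periodic check of this kind can be as small as reconciling a payroll export against a directory export. The sketch below is an added example, not part of the original post or any vendor's tool: it answers the headcount and leaver questions asked earlier, and the column names, account names and sample rows are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample exports; column names are assumptions, not a real product's schema.
PAYROLL_CSV = """employee_id,name,status,last_working_day
E001,Asha Rao,active,
E002,Ben Ortiz,terminated,2014-02-07
E003,Chen Li,active,
E004,Dana Wolfe,terminated,2014-02-08
E005,Eli Novak,active,2014-02-28
"""

DIRECTORY_CSV = """employee_id,account,enabled
E001,arao,true
E002,bortiz,false
E003,cli,true
E004,dwolfe,true
,svc-backup,true
E005,enovak,true
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def is_active(row, today):
    """Active means payroll says so and any recorded last working day has not passed."""
    if row["status"].strip().lower() != "active":
        return False
    last = row["last_working_day"].strip()
    return not last or date.fromisoformat(last) >= today

def audit(payroll_text, directory_text, today):
    payroll = {r["employee_id"]: r for r in load(payroll_text)}
    active_ids = {eid for eid, r in payroll.items() if is_active(r, today)}
    findings = {"active_headcount": len(active_ids),
                "leaver_still_enabled": [], "no_payroll_record": []}
    for acct in load(directory_text):
        if acct["enabled"].strip().lower() != "true":
            continue  # disabled accounts cannot log in, so they are not findings
        eid = acct["employee_id"].strip()
        if eid not in payroll:
            findings["no_payroll_record"].append(acct["account"])
        elif eid not in active_ids:
            findings["leaver_still_enabled"].append(acct["account"])
    return findings

if __name__ == "__main__":
    for key, value in audit(PAYROLL_CSV, DIRECTORY_CSV, date(2014, 2, 9)).items():
        print(f"{key}: {value}")
```

Enabled accounts with no payroll record, such as shared or service accounts, are reported separately because they need a named owner rather than a termination date.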

 

Compliance Standards for Guidance

You can check recommendations from SOX and ISO 27000.

 

Watch out for the next interesting session on Level 2 Security: Identity and Access Management


Palash Bagchi

Executive Director at STPL Global
Palash is an experienced business leader with exposure to industries of Civil and Construction, Education, Information Technology, Banking and Financial Services, Telecommunications, and Energy & Utility. He has been engaged with the world's top organizations and imbibed skills of process standardization, global risk management, sales and marketing, and alliance management. Palash is experienced in various emerging markets including Africa, South Asia and South East Asia and has lived and operated in these geographies. He holds a Bachelors Degree in Civil Engineering and has studied Finance from IIM, Calcutta. He provides strategic direction to his organization and is instrumental in creating the operating ecosystem.


19 Comments
  • Arthur Hambleson | Feb 9, 2014 at 3:00 PM

    IT Security is definitely still a HUGE unexplored space despite all the advancements made in the last 15 years. And, unfortunately, it’s nearly impossible to keep up with the rate of change (from a security standpoint) with that of social plugins and cloud extensions in regards to company infrastructure. Personally speaking, I work with a company that makes use of numerous openldap technologies that federate to active directory. What most people don’t realize is that that federation occurs from web service calls triggered from intranet web applications. Although those web applications are managed behind our WAFs, there are so many new mod sec rules being implemented every single day to prevent new social sharing and cloud extension based plugins from publishing private company data out to the masses.

    This example is just a splinter in the potential vulnerabilities that exist and grow every single day, and this fear of the unknown keeps many a compliance and security admin up at night. Thanks for the read.
