Breaking News

Transcend's New ESD420 Portable SSD Offers MagSafe Compatibility and Pro-Level Performance G.SKILL Trident Z5 DDR5 Memory and WigiDash Receives European Hardware Awards 2025 Silicon Power Launches WP10 Magnetic Wireless Power Bank Razer Unveils the Ultra-Lightweight DeathAdder V4 Pro Sony launches a high-resolution shotgun microphone with superior sound quality and compact design.

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Ex-Antiterrorism Czar Offers Cybersecurity Tips

Ex-Antiterrorism Czar Offers Cybersecurity Tips

Enterprise & IT Aug 30,2004 0

Richard Clarke--famed as the former counterterrorism czar for Bill Clinton and George W. Bush--ended his government career as the White House advisor to the President on Cyberspace Security.

He is now bringing that expertise to the IT world.

In an Internet presentation sponsored by RSA Security last week, Clarke sounded the alarm on some possible threats, but also unveiled a list of 10 steps, or checkpoints, to help secure IT installations.

Clarke, now chairman of Good Harbor Consulting, advocates a broad approach to IT security, employing what he terms "a holistic view of risk."

Clarke noted that the broad area of IT security is growing has traditionally been slighted by top management in large corporations. He said management--including CEOs, board directors, CIOs, CFOs, HR heads, and internal auditors--should meet regularly to discuss security issues. "This whole group needs to get together once a month," he suggested.

Security issues are rapidly growing in importance to enterprises, he said, noting that not only do top executives have to pay attention to legislation like Sarbanes-Oxley and HIPAA, but there is much pending legislation--on both the national and state levels--that could benefit from input from informed IT managers and from involved top management. "This [can be] about showing the Congress that you don't need to be regulated, because you're doing it yourself," he said.

He ticked off a list of proposed legislation that could become law. The SEC is considering supporting legislation that would require an IT-security readiness statement to be filed with the SEC annually. The FCC is examining regulations that would require ISPs to beef-up their security. Also under consideration, he noted, is legislation aimed at improving security at chemical and electric-power plants.

Clarke listed 10 steps for enterprises to follow:

  1. Establish automatic monitoring of compliance and auditing capabilities of networks. "Every day you can see if you're secure," he said.
  2. Acquire a patch-management system and service. Noting that 50 or 60 patches are issued each week by software providers, Clarke called patching "the number one headache of CIOs."
  3. Set up an identity-access-management system, preferably a two-factor password-ID system. He noted that, today, "almost any password can be broken" by programs easily available on the Internet.
  4. Data should be encrypted in sensitive areas. He said proposed California legislation calls for many IT organizations to encrypt data.
  5. Participate in an early-warning system, preferably with an organization with a set of detect sensors.
  6. Establish rigorous security-oriented service-level agreements (SLAs) with ISPs. Clarke indicated that the FCC is considering making this provision mandatory for certain IT users.
  7. Institute an IT security-awareness program, a sort of catch-all program that would educate staff on widespread security aspects of their networks.
  8. Software should be systematically tested--and not just Microsoft software. He noted that buffer-overflow problems have been cited for years, but little has been done to correct the problem. He said there is a need for "software products that test software."
  9. Secure the physical part the IT organization to make sure that intruders can't just walk in and violate security.
  10. Address "the road-warrior problem," as illustrated by network users logging in from remote locations, who unknowingly have infected software, typically on laptops.

Clarke also addressed the possible security threat posed by the offshore outsourcing of IT operations. "I don't think it's a problem," Clarke said. "Some Indian companies do a better job than U. S. companies."

From CRN

Tags: Cybersecurity
Previous Post
IDC: Server market hits $11.5 billion
Next Post
Intel to throttle power by enhancing silicon

Related Posts

  • Intel Confirms "Thunderspy" Risk in Thuerbolt Devices

  • Apple Says 'No Evidence' iPhone Mail Bug Used Against Consumers

  • Malwarebytes Introduces VPN Service

  • Google Says State-backed Hackers Use Coronavirus For Phishing Attacks

  • Apple to Patch Serious iOS Vulnerability

  • Apple is The Most Imitated Brand For Phishing in Q1 2020

  • Microsoft Shares Threat Intelligence During Global Crisis

  • Avast Launches New Mobile Browser With Complete Data Encryption

Latest News

Transcend's New ESD420 Portable SSD Offers MagSafe Compatibility and Pro-Level Performance
PC components

Transcend's New ESD420 Portable SSD Offers MagSafe Compatibility and Pro-Level Performance

G.SKILL Trident Z5 DDR5 Memory and WigiDash Receives European Hardware Awards 2025
Enterprise & IT

G.SKILL Trident Z5 DDR5 Memory and WigiDash Receives European Hardware Awards 2025

Silicon Power Launches WP10 Magnetic Wireless Power Bank
Consumer Electronics

Silicon Power Launches WP10 Magnetic Wireless Power Bank

Razer Unveils the Ultra-Lightweight DeathAdder V4 Pro
PC components

Razer Unveils the Ultra-Lightweight DeathAdder V4 Pro

Sony launches a high-resolution shotgun microphone with superior sound quality and compact design.
Cameras

Sony launches a high-resolution shotgun microphone with superior sound quality and compact design.

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Noctua NH-D15 G2

Noctua NH-D15 G2

Soundpeats Pop Clip

Soundpeats Pop Clip

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

Crucial T705 2TB NVME White

Crucial T705 2TB NVME White

be quiet! Pure Base 501

be quiet! Pure Base 501

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed