Part 1 of this article established, through vivid real-life examples of common
security infringements in our everyday lives, the need to pay increasing
attention to electronic security. This part of the article focuses on
responsible and responsive measures to secure your information assets.
Would it surprise you to know that fraud – one of the more damaging incentives
behind a security breach – is one of the fastest growing aspects of our economy?
Not surprisingly, this is not one of the growth statistics that the government
wants to publicise. Not only is fraud prevalent in all facets of Nigerian
society, it is probably one of our most sizeable exports.
Impact of security breaches and violations
Exposures caused by security breaches and violations can have grievous and
far-reaching effects. They may damage reputation and morale and may indeed
threaten the very existence of your organization. Loss of customers,
embarrassment to management and legal action against the organization can also
result. Threats to the business caused by security infringements can include:
- Financial loss: direct (loss of electronic funds) or indirect (cost of
recovering from or correcting the exposure)
- Legal repercussions
- Loss of credibility or competitive ability
- Blackmail/industrial espionage
- Disclosure of confidential, sensitive or embarrassing information
- Sabotage
So what can you do to secure yourself? The following questions may be racing
through your mind:
- How can I protect my corporate information?
- How can I protect internal group assets from potential internal
transgressions?
- How can I leverage the Internet securely to grow my business?
- How do I use IT and the Internet to reduce time to market, improve overall
efficiency and grow my business – securely?
An e-security Roadmap
Resist the temptation to address symptoms without understanding the root cause.
Try not to take rash decisions that will not benefit you or your organization
(in other words, going out now to purchase the first firewall you come across is
unlikely to address the problem effectively). Rather, the following systematic
approach (in use by Phillips Consulting) will add more value:
Step 1 - Build awareness: make a deliberate effort to increase the level of
security awareness in your organization. Statistics show that more breaches
result from ignorance than from malicious intent. Statistics also show that the
enemy may be within - almost 60% of security breaches are perpetrated from
inside the organization by either disgruntled or ignorant employees. Awareness
can be built through the following activities:
- (Development and) distribution of a written security policy. A security
policy clearly establishes the framework and intent of security for a given
organization and should be effectively communicated to all appropriate parties.
- Regular training of new employees, users and support staff
- Non-disclosure statements signed by employees
- Use of different media in promulgating security (e.g. newsletter, intranet,
videos, etc.)
- Visible enforcement of security rules
- Simulation of security incidents (security drills) to improve security
procedures
- Rewarding employees who report suspicious events
- Periodic audits
Step 2 - Assess: before taking any steps to invest in security devices, assess
the threats to, and exploitable vulnerabilities of, your information systems
and networks. This may involve an Information Security Audit, which seeks to
determine the appropriate balance between security (limiting access in order
to protect or preserve data) and enablement (providing access to authorised
parties).
It will involve examining the adequacy of the existing infrastructure and
existing compliance levels. It may require the use of scanners and a variety of
assessments (table-top, desktop, etc.). A checklist for the assessment stage
may include the following:
- Prove that we have taken reasonable steps to protect the organization's
assets.
- Pass an audit.
- Develop security policies.
- Know the extent to which policies are implemented and complied with.
- Know that correct versions (of software patches, virus definition files) are
being used.
- Monitor the configurations and permissions of nodes on the network and fix
any vulnerabilities found.
Step 3 - Protect: after assessing the situation, you can take reasonable
precautions to secure your digital wealth. Protection devices include access
control devices (physical and electronic), firewalls (internal, external and
perimeter), intrusion detection devices and audit logs.
Building awareness, assessing vulnerability and implementing preventive and
corrective mechanisms are some of the steps you may take to secure your
information systems. The correct balance must however be struck between
protection (keeping unauthorized users out) and enablement (permitting secure
connections between authorized users). This is to ensure that the cost of
securing the infrastructure does not outweigh the value of the investment and
that your security approach does not stifle competitive ability in the emerging
borderless world. Common enablement methods include authentication,
authorization and access control mechanisms, and may take the form of passwords
(one-time or permanent), tokens (hardware or software based) or smart cards.
More recent methods for validating access include biometric methods such as
fingerprint identification and retina scanning.
Finally, it is important to note that the entire security infrastructure will
need to be effectively manned and managed.
e-security checklist
To conclude, the following is a high-level checklist to assist you with the
serious task of securing your IS infrastructure.
- Establish accountability: who is in charge? Who is responsible?
- Promote awareness: teach your employees well
- Protect your assets: don't bury your head in the sand
- Maintain vigilance: watch your visitors
- Spend carefully: money is often not the panacea
- Mitigate risk: focus on the real threats
- Engineer and design in: security should not be an afterthought
- Go beyond technology: people are key
- Detect and respond: watch for rogue modems; take your medication
Adedoyin Odunfa heads the Information Systems & E-business Group of Phillips
Consulting. She holds an MBA and is a Certified Information Systems Auditor
(CISA). The IS & E-business Group of Phillips Consulting focuses on e-security,
e-business and Customer Relationship Management (CRM).
