The Shortcut Guide to Business Security Measures Using SSLby Dan Sullivan
The Shortcut Guide to Business Security Measures Using SSL examines current information security threats to business and describes techniques for developing a security management strategy that leverages established best practices. Designed for IT professionals and business managers, this guide provides an overview of security threats, their impact on businesses, and, perhaps most importantly, practices and technologies for controlling security risks.
The first chapter begins with a discussion of cybercrime and the business resources targeted by increasingly sophisticated and organized attackers. The second chapter moves to examine how common weaknesses in business processes, such as insufficient use of SSL, leave organizations vulnerable to data breaches and compromised systems. The final two chapters address how to create a high impact security strategy and implement best practices, including multiple uses of SSL technologies, to protect your business.
Chapter 1: Security Threats to IT Operations in the Age of Cybercrime
Over the past decade, businesses have had to adapt to an array of technical changes, including an increasingly hostile cyber environment. We saw the early precursors of cybercrime decades ago when computer use was limited to a relatively small group of specialists and electronics enthusiasts. Innovative programmers, some still in high school, would find ways to display annoying messages on their friendsâ€™ computers and from there spread to other devices via shared floppy disks. This kind of part practical joke-part vandalism form of malware has been overshadowed by the more serious, technically complex, and financially lucrative form of todayâ€™s cybercrime.
In this guide, we will examine major types of threats to information security that businesses face today as well as techniques for mitigating those threats. One of the most important tools available to us is SSL technology.
With SSL technology, we enable secure communication, identity verification, and ultimately trust between businesses. SSL technology does not exist in a vacuum, though. Information security is a multifaceted challenge that requires coordination of a variety of security measures, so this guide will examine the business and technical practices that weaken security as well as best practices for improving information security.
Chapter 2: Common Vulnerabilities in Business IT Systems
Businesses, governments, and other organizations face a wide array of information security risks. Some threaten the confidentiality of private information, some threaten the integrity of data and operations, and still others threaten to disrupt availability of critical systems. Chapter 1 examined the role of organized cybercrime, the prevalence of malicious software and the underground marketplaces that facilitate the exchange of stolen information, and tools of the cybercrime trade. In this chapter we turn our attention inside the organization. Although the external threats are considerable, they are not the only component in the risk equation. Another important set of factors are the vulnerabilities that lie within an organization.
Chapter 3: Developing a Highâ€Impact
Security Management Strategy
Effective information security requires a combination of technical and organizational controls; however, running down a generic checklist is rarely sufficient. Instead, a highimpact security management strategy is driven by the particular needs of a business, and these needs span the breadth of business and technical operations within an organization. For example, consider some of the questions one should pose when developing a security strategy:
- What business processes and workflows are vulnerable to attack?
- If a particular server were compromised, what would be the impact on dayâ€toâ€day operations to users or customers?
- How can we ensure that our networked applications communicate only with trusted, verified partner applications?
- Can exchange of digital documents be as secure, trustworthy, and enforceable as the exchange of paper documents?
- How can we ensure that confidential information can be exchanged over email and online with reasonable assurance that it wonâ€™t be intercepted and disclosed to an unauthorized party?
Chapter 4: Best Practices for Implementing a Businessâ€Centric Security Management Strategy
A business-centric security management strategy is multifaceted and takes into account both the technical and organizational aspects of information security. Throughout this guide, we have seen how security threats and vulnerabilities can undermine business operations and integrity, and we have discussed methods for developing a security strategy. In this, the final chapter of the guide, we turn our attention to examining best practices for implementing a business-centric security management strategy.
So how is business-centric any different from other approach to information security? The starting point is the business strategy. What are the goals and objectives of the business (or other organization) and how are they implemented? The answers to those questions start to frame the security discussion because we can assess risks to particular business processes and assets. Part of that assessment process is determining a relative value for an asset or process that is being protected. For example, we wouldnâ€™t invest more than the value of car in an anti-theft device for the vehicle. The same logic applies in information security. We mitigate risks to business information assets according to the value of those assets and the priority we assign to them.
Once we understand threats, vulnerabilities, and the risks and costs associated with them, we can then formulate a security strategy for protecting the business. This chapter examines specific methods for mitigating information security risks. As we shall see, one security control, or measure, can help reduce multiple risks, and every risk is ideally mitigated by more than one control. Of course, the reality of business is that we cannot always have our best case scenario, but we strive to get as close as possible.