The Shortcut Guide to Protecting Business Internet Usageby Dan Sullivan
The Internet is now woven into the fabric of business. Organizations that have that long practiced sound procedures for protecting the integrity of their operations and preserving appropriate working environments must now attend to threats from the Internets. Both Internet threats and the countermeasures deployed to stop them are growing in complexity. Readers of The Shortcut Guide to Protecting Business Internet Usage will find an explanation of the business drivers behind the need to protect information assets and comply with regulations, as well as technical details on protecting IT infrastructure and best practices for managing the lifecycle of Internet access protection systems.
Chapter 1: Preserving Business Integrity
Organizations depend upon reliable and secure Internet access to conduct business, yet of all the venues for conducting commerce and other operations, the Internet poses some of the greatest challenges:
- How can businesses protect private and confidential information?
- How can one be sure data is not tampered with in transmission?
- What regulations are applicable to Internet content?
- Is the current state of network and related infrastructure secure?
These are just some of the questions facing organizations that depend upon the Internet. This guide is designed to address some of the most pressing questions facing executives and IT managers with regard to protecting the use of Internet access and Internet content for business, government, and other organizations.
This first chapter addresses the problem of preserving business integrity, beginning with the business case for expending time and resources to ensure the integrity of Internet access and content. Although compliance is a term that is too often used to grab attention and headlines, it is a topic central to the issue of business integrity in general and is highly relevant to business use of the Internet. Business integrity has both an external and internal dimension. In the latter case, organizations must control the workplace environment and address the human resource issues that can arise with widespread use of Internet technologies. Of course, the Internet has not changed the nature of workplace issues, but it has changed methods of challenging as well as controlling the work environment. Finally, a brief discussion of Internet-based threats and corresponding countermeasures concludes this chapter.
Chapter 2: Protecting Internet Access
Business Internet use is subject to a dynamic environment in which both external and internal threats adapt to preventive measures as well as emerging opportunities. For example, computer viruses were once transmitted via diskettes shared among PCs. Later, they leveraged the communications capabilities of the Internet. Since then, they have incorporated multiple techniques to avoid detection. As viruses became more sophisticated, so did the countermeasures for detecting and stopping them. This chapter will examine the evolving nature of threats and countermeasures, in particular, it will examine:
- Common inbound threats
- Common outbound and intra-organizational threats
- Growing complexity of threats
- Increasingly sophisticated countermeasures
As this chapter will demonstrate, the wide variety of threats facing business Internet use requires a broad range of countermeasures. There is no single solution that will preserve the integrity of business operations on the Internet.
Chapter 3: The Lifecycle of Internet Access Protection Systems
Protecting information assets is a multifaceted challenge. To begin, there are many kinds of threats to information assets, ranging from external attackers to natural disasters. There are correspondingly many countermeasures and risk mitigation strategies to reduce the potential impact of these threats. Once in place, security measures must be managed and maintainedâ€”particularly with an eye to keeping up with changing security conditions. And if there were a security breach, security and information management teams would have to respond to control the damage and recover as quickly as possible. This chapter will examine several key parts of the life cycle of Internet access protection systems:
- Assessing threats and appropriate countermeasures
- Developing and maintaining policies
- Implementing multipoint solutions
- Maintaining and monitoring countermeasures
- Implementing incident response
Although the term â€œlife cycleâ€ is being used, it is worth noting that the relationship between these elements is not a strict cycle in which one element always follows another. For example, assessing threats and countermeasures is often followed by the development of policies and procedures but the assessment of threats might also be followed by an immediate change to a countermeasure. Similarly, a forensic analysis of a security breach can depend heavily on information gathered during threat monitoring. Letâ€™s begin the discussion of the life cycle with the core problemâ€”threats to information assets and how to counter them.
Chapter 4: Trends in Internet Access Protection
The means and the methods for using the Internet for business are constantly expandingâ€”and so are challenges to protecting information assets. Throughout, this guide has examined fundamental issuesâ€”both business and technicalâ€”entailed in the use of the Internet. This chapter examines several emerging and dynamic areas of concern for Internet security:
- Challenges of mobile devices
- Increasingly porous network perimeter
- Loss of intellectual property through industrial espionage
- Protecting against zero-day threats
- Increasingly complex countermeasures
- Future of content protection
Each of these entails threats to Internet use that can compromise business and organizational activity if not properly addressed. It is the goal of this chapter to provide a starting point for adapting to these emerging threats.