Title :
How to shrink holes in corporate data dikes
Author :
Michener, John R. ; Mohan, Steven D.
Abstract :
The security of computer systems is a very hard and complex problem. IT staffers who apply security patches or use layered approaches have lulled themselves into a false sense of security. This perceived security is illusionary at best and destructive in the extreme. True security will increasingly require the use of hardened servers and guards. Defense in depth with distributed guards serving as penetration detectors and reporting attacks on corporate systems provides strong protection against both external and internal attackers. This strategy lets system managers minimize damage and greatly improve the recovery of damaged systems and data. Corporations that choose not to appropriately secure their systems will likely regret it. In the future, companies will probably face liability for third-party losses that arise from system compromises.
Keywords :
legislation; personnel; security of data; system recovery; IT staffers; computer systems security; corporate data dikes; corporate systems; damaged systems recovery; distributed guards; external attackers; hardened servers; internal attackers; layered approaches; penetration detectors; perceived security; security patches; strong protection; system compromises; system managers; third-party losses; Control systems; Cryptography; Data security; Documentation; Information security; Levee; Operating systems; Project management; Protocols; System testing;
Journal_Title :
IT Professional
DOI :
10.1109/6294.988700
