Internet Security Systems (ISS): Losses Measured In Seconds - Peter Stremus




The protection of digital assets has made it to boardrooms around the world because a hack, virus or worm can have serious consequences. And it takes only seconds to compromise those valuable digital assets, and to break the law, writes Peter Stremus, Internet Security Systems.

Risk management and business continuity have always been part of good corporate governance. With over 90% of current records being handled or stored electronically, a recent survey has shown that the main driver for digital security is no longer the fear of losing data or having downtime, but legislation.

The need to be compliant with industry-specific requirements and national or international laws has brought digital security onto the radar screen of the CEO and CFO. Both must certify that the company’s quarterly (unaudited) financial statements are complete and accurate and that internal accounting controls are effective. Any deficiencies or material changes to the internal controls must be clearly reported.

Every time this statement is due to be signed, top management needs to ask the following questions: Has the financial and other data been compromised? Did anyone have unauthorised access to the data? And even more detailed questions, such as: When Zotob came out, did this affect any of our servers? Did we check company laptops for spyware with possible key-logging functions?

WHO HAS YOUR LAPTOP?

Company laptops are becoming the most uncontrolled part of the compliance process for three main reasons. Firstly, in most cases, company laptops contain a wealth of unprotected information, ranging from salaries to R&D projects, from launch plans to the CEO’s correspondence on an upcoming merger. And all is nicely stored on that one laptop, which can be lost, stolen or hacked into.

Secondly, there is hardly any distinction between the private use and the business use of a laptop. Surfing, personal email accounts, software downloads – all are carried out with the company’s laptop, making it very vulnerable to contamination. As the owner of the laptop is often in charge of installing updates, there is no control over whether the latest security patch has been downloaded or not.

Thirdly, wireless connectivity has made everyone’s life easier, but it has also created a new way to hack into the laptops of the mobile workforce.

PRE-EMPTIVE SECURITY

Internet Security Systems helps enterprises meet their information-security requirements through world-leading products and services that protect online assets.

The Proventia Enterprise Security Platform (ESP) captures ISS’s vision for pre-emptive enterprise protection. It combines continuous vulnerability assessment and threat prevention with enterprise-wide information management and reporting. It ensures complete protection of the IT environment, including gateway, network, server and desktop.

The enterprise-wide reporting through SiteProtector provides the CEO and CFO with a security dashboard at all times and with all details. And Proventia Desktop solves the issue of unprotected laptops through the same pre-emptive and multi-layered security. The anti-virus prevention system even does away with traditional signature updates.

X-FORCE® SECURITY INTELLIGENCE

Proventia ESP is backed by the world’s most respected security research organisation, the X-Force® Security Intelligence team. More than 100 security experts proactively test applications and hardware for vulnerabilities and fix them before they are exploited.

The X-Force® has detected the majority of all high-risk vulnerabilities to critical infrastructure between 1997 and 2005. The force works closely with agencies like the FBI, the CIA and the US Federal Department of Defence, as well as with major software vendors around the world. No other Internet security company has a research and development division of similar size and scope.

MANAGED SERVICES

ISS offers round-the-clock protection for organisations to secure critical information and systems. This comprehensive suite of services provides cost-effective, scalable security solutions.

On the ISS website there are specific documents providing insights and practical guidance on compliance. Please contact us for your copy of Making Sense of SOX, or with any other questions you have about making your company a digitally safe place.