Released earlier this year, the National Strategy for Homeland Security is designed to protect us from terrorism in the United States on Federal, State, local and private levels. Accordingly, the President has now implemented a strategy for the protection of cyberspace, which is essential to defense and economic security, as well as critical infrastructures. The National Strategy to Secure Cyberspace, which supports both the National Strategy for Homeland Security and the National Security Strategy of the United States, promotes secure U.S. information systems and protects against malicious attacks in cyberspace.
Broken down into six levels, the strategy gives recommendations on how to assist the government on combating cyberterrorism to categories such as home user/small business to government to large corporations. This month, Level 2, large enterprise recommendations, will be highlighted.
Level 2: Large Enterprises
Level 2 of The National Strategy to Secure Cyberspace id designed to encourage and and empower large enterprises to establish and maintain secure systems. The U.S. government says this goal can be realized by large enterprises employing the following initiatives:
• Raising the level of responsibility
• Creating corporate security councils for cybersecurity, where appropriate
• Implementing A.C.T.I.O.N.s (suggestions actions listed later in the article) and best practices
• Addressing the challenges of the borderless network, mainframe security, instant messaging and other technologies
The massive networks of large enterprises offer both great strength and vulnerability. Because of this, large enterprises must ensure that security is of the highest priority within their architectures, network operations and management.
The following are A.C.T.I.O.N.s (taken from the report), or suggestions given by the U.S. government in regard to large enterprise cybersecurity:
• AUTHENTICATION -- Implement processes and procedures to authenticate, or verify, the users of the network. This may include techniques such as PKI using smart cards, secure tokens, biometrics, or a combination of efforts.
• CONFIGURATION MANAGEMENT – Plan enterprise architecture and deployment with security in mind. Manage configurations to know exactly what hardware, operating systems and software are in use, including specific versions and patches applied; create robust access and software change controls, segregate responsibilities; implement best practices; and do not use default security settings.
• TRAINING – Train all employees on the need for IT security and ensure that security is factored into developing business operations. Foster an enterprise culture of safety and security.
• INCIDENT RESPONSE -- Develop an enterprise capability for responding to incidents, mitigating damager, recovering systems, investigating and capturing forensic evidence, and working with law enforcement.
• ORGANIZATION NETWORK -- Organize enterprise security management, IT management, and risk management functions to promote efficient exchange of information and leverage corporate knowledge.
• NETWORK MANAGEMENT -- Create a regular process to assess, remediate, and monitor the vulnerabilities of the network; consider developing automated processes for vulnerability reporting, patching, and detecting insider threats. Internal and external IT security audits can also supplement these efforts.
• SMART PROCUREMENT – Ensure that security is embedded in the business operations and the systems that support them. Embedding security is easier than “bolting it on” after the fact.
Large enterprises must develop flexible IT infrastructures that encourage long-term security and growth of the nation’s economy. Because large enterprises provide a continuous current of stimulation for our economy, their networks must be flexible to increase protection and detection of cyberterrorism.
The government says we all must do our part in protecting the security of our nation – from the home user to large government agencies.
Source: The National Strategy to Secure Cyberspace. United States Government.
How Cebic Technologies Inc. Can Help
Cebic Technologies Inc. provides affordable, real-time IT management for small businesses. Cebic helps to establish and maintain healthy, secure computer networks by providing computer system management, real-time diagnostics, virus/intrusion protection, emergency support and strategic IT planning.
Remote Intelligence™ is a service sold by Hybinette’s sister company, Cebic Technologies Inc. For more information on how you can protect your small business, please visit www.cebic.com or call us 303-987-3679.
