The expertise of an outside party can help when taking preventative steps against future failures.
Hackers are infinitely resourceful and are constantly coming up with new ways to compromise “secure” systems. It’s flat-out impossible to defend against all potential hacker attacks, but it is possible to defend yourself against known vulnerabilities that are commonly exploited. It’s also possible to mitigate the risks associated with insecure situations. This is the concept behind proactive security, also known as e-risk management.
The following are the five primary components of a successful e-risk management strategy:
Policy: Your security policies are your first line of defense. A fundamentally secure business process makes a hacker’s job much harder.
Auditing: Are your security policies being enforced effectively? An audit can help identify gaps in your defenses.
Defensive forensics: How do you know an intruder has broken in? Because something on your system has changed. How do you know something has changed? You compare your current system with your system when it was considered “secure.” Such a comparison is part of defensive forensics. It can be used to rapidly detect intrusions and can serve as a record of evidence in legal proceedings.
Protection: You’ll probably deploy security systems to prevent the exploitation of your network. You can also use insurance and other risk-transfer techniques for processes too difficult to secure.
Testing: As your business evolves, periodically testing your defenses can ensure that the proactive security measures you’ve taken remain effective.
Strategizing and implementing e-risk management requires a highly specialized set of skills. Few companies have the in-house skills necessary to effectively create a proactive security strategy. Although outsourcing is optional in most situations, here it is essentially mandatory.
Being proactive in business is always a challenge. If you plan ahead and use the concepts found in this chapter, you can greatly reduce or eliminate any damage to your company from a malicious attack. This alone makes e-risk management a highly worthwhile investment. The rest of this chapter will help you maximize the value of your proactive security investment through effective outsourcing.
The above information is the start of a chapter in "Network Security Illustrated," published by McGraw-Hill and available from amazon.com, as well as your local bookstore. The book goes into much greater depth on this topic.