Network Security Illustrated


Outsourcing Proactive Security
The expertise of an outside party can help when taking preventative steps against future failures.

Hackers are infinitely resourceful and are constantly coming up with new ways to compromise “secure” systems. It’s flat-out impossible to defend against all potential hacker attacks, but it is possible to defend yourself against known vulnerabilities that are commonly exploited. It’s also possible to mitigate the risks associated with insecure situations. This is the concept behind proactive security, also known as e-risk management.

The following are the five primary components of a successful e-risk management strategy:

Policy: Your security policies are your first line of defense. A fundamentally secure business process makes a hacker’s job much harder.

Auditing: Are your security policies being enforced effectively? An audit can help identify gaps in your defenses.

Defensive forensics: How do you know an intruder has broken in? Because something on your system has changed. How do you know something has changed? You compare your current system with your system when it was considered “secure.” Such a comparison is part of defensive forensics. It can be used to rapidly detect intrusions and can serve as a record of evidence in legal proceedings.

Protection: You’ll probably deploy security systems to prevent the exploitation of your network. You can also use insurance and other risk-transfer techniques for processes too difficult to secure.

Testing: As your business evolves, periodically testing your defenses can ensure that the proactive security measures you’ve taken remain effective.

Strategizing and implementing e-risk management requires a highly specialized set of skills. Few companies have the in-house skills necessary to effectively create a proactive security strategy. Although outsourcing is optional in most situations, here it is essentially mandatory.

Being proactive in business is always a challenge. If you plan ahead and use the concepts found in this chapter, you can greatly reduce or eliminate any damage to your company from a malicious attack. This alone makes e-risk management a highly worthwhile investment. The rest of this chapter will help you maximize the value of your proactive security investment through effective outsourcing.

More Information

The above information is the start of a chapter in "Network Security Illustrated," published by McGraw-Hill and available from amazon.com, as well as your local bookstore. The book goes into much greater depth on this topic.
