90 likes | 222 Views
Jerry Crow. IT Security Best Practices. Maricopa Association of Governments Telecommunications Advisory Group October 23, 2003. Trends. General IT security, always important, is becoming ever more visible in the media.
E N D
Jerry Crow IT Security Best Practices Maricopa Association of Governments Telecommunications Advisory Group October 23, 2003
Trends General • IT security, always important, is becoming ever more visible in the media. • Active defensive reactions to this threat are becoming ever more sophisticated (read: complex). • 9/11 accelerated defensive response evolution considerably • Alphabet soup of organizations formed to respond: DHS, ISACs, PCIPB, etc.
Trends Microsoft Direction • MS has created and fostered an astonishing situation: customers line up to test software products • Two years ago: month-long "nothing but security"; largely image, but an improvement • Recent remarks by Steve Ballmer bode well for end users of MS software and those that manage the platforms they use. • Reminiscent of 1994 and the web
Trends Current "Big" Thing Wireless networking security • Products tend to be "wide open" out of the box; end user convenience issue • Original security "standard" (WEP) was inadequate; can be rather easily circumvented by contemporary technology • Security improving rapidly; state-of-the-art is reasonable • Cost and convenience ensure wireless networking is here to stay • External threat: war driving • Internal threat: rogue access points
Information Sources Sources on the Web • www.sans.org Lots of practical security related info • www.researchedge.com/atic/cybersec/ ATIC website – Cyber Security Committee • gita.state.az.us Excellent source for policies, standards • www.nist.gov Excellent source for reference material, "how to" documents • www.dhs.gov Large website – significant amount of info
Information Sources Sources on the Web • www.security.state.az.us AZ DoA site • www.infragard.net InfraGard site; national • www.infragard.net/phoenix InfraGard site; Phoenix chapter
Bottom Line • Constantly strive to increase staff awareness of IT security issues • Monitor policies, references, procedures, etc. on a regular basis • Watch MS monthly security updates • IT security is a process, not a product. • Word of the moment: agility