The National IT Security Public Awareness Program
Posted by : Brett A. Scudder | Sat, Aug 4 2007 | 06:08:25
Tags : National IT Security Public Awareness

With the IT Security Threats Landscape changing ever so quickly and the methods by which we come under attack getting more nefarious, we must take preventative security initiatives to the next level. We can no longer sit back and turn a blind eye to this area of IT, as the financial and economic effects are being felt at all levels of business and personal life.

As an IT Security organization that promotes the development of IT Security awareness and information programs, our interaction with the general IT/public/business communities allows us to take a holistic look, from a broader view, at this key area of IT that is reshaping the way we think, work, act and conduct our day-to-day productivity requirements. It is one of those things that cannot be narrowed down to a business entity, vertical market or size of business: IT Security encompasses all people, processes and things (including technology), and it is time we take a more granular, unified approach to this issue. I am really tired of hearing this being dealt with from a corporate/enterprise/private level, and we need to realize that the economic impact trickles down the food chain to those who are less knowledgeable in the area but are directly impacted by the effects.

It is with this that I call upon the IT community to unite as a single body towards a national program geared towards the education and promotion of a National IT Security Public Awareness Program “NITSPAP” 'Don't fear IT Security, Unify IT Security' starting in October 2007. This annual week of awareness will be geared towards a specific focus on the IT Security Threats Landscape and the various elements it presents to both the consumer and business sectors. I believe the time has passed for us not to see this as a critical issue that warrants this level of unity in a fight that is not about to be over any time soon. Today’s threats are tomorrow’s problems that are creating the foundation of things to come and if not properly managed and secured will have substantial impact on all levels of our lives. With more and more technology enhancements daily, the availability of new avenues of infection, exploits and vulnerabilities has increased exponentially. How this is being addressed today is not enough as we need to voice it to the masses in a standardized way.

It is only through unity that we can achieve this on all fronts, neutrally, unbiased, unequivocally and directly focused on IT Security no matter who you are or what organization you belong to. The hackers are united and have been bonding together as a force to be reckoned with. They are creating their own groups, communities and methods of clandestine behavior that we must take as a sign of impending danger ahead.

How else can we achieve greater or equal success in the mitigation or risk management of these issues when we’re all operating as individual fronts?

The growth of threats through messaging has prompted the need for a better way of validating the sender of the message so that at first sight the recipient has a better chance of knowing how to deal with it. I remember a few years back we told users that the best way to secure against messaging threats is not to open an attachment from an unknown source. This used to work then but the new threats are coming from new and trusted sources. How do we mitigate this, how do we validate these messages?

With threats/attacks coming from known and trusted users, the strategies to defend against these issues become even more tedious, as your enemy is now your best friend. Still, unchecked, we’re seeing a slow adoption (if any) in the use of PKI technology such as S/MIME (Secure / Multipurpose Internet Mail Extensions) for messaging. The use of digital IDs to validate and authenticate the sender of the message is still limited. Unencrypted messages flying around in plain text with critical business information/data are still at an all-time high, as messaging is now the most critical business process and tool. The use of personal email accounts on webmail services for sensitive/critical information is at a high number, without policies to govern them.

Now, you’re protecting your infrastructure in the best ways you can, you’re practicing all the proper standards for security but you’re leaking data/information out of the company through an unsecured account at an unsecure hosting service, hmm.

So, the threat factors are growing at an even more alarming rate, the governance and enforcement are still the same or less, and data breaches/loss are reaching more people in places that you’d think would by now have learnt the lessons from other companies that suffered from this level of negligence. Still, unchecked, the state of the IT Security Threats Landscape is not safe.

We must unify and unify now or we will forever lose to the IT Security Threats Landscape and the elements that come with it. Let us join together in mind, resources and the vision of unity in this critical area of information technology. I have conveyed this vision to state and government officials and the feedback and response have been receptive and very positive. I am now extending this out to you, the vendors, business executives in all areas of business, associates, fellow consultants, VARs, IT professionals and the public, to make you aware of this initiative and how it will be scaled out as a national program.

Day in day out we’re seeing the development of more nefarious and targeted attacks coming from all angles with a single purpose of building out a more destructive roadmap ahead for Information Technology. The attacks are more organized, well structured and formulated and are even harder to detect as being a threat. The levels of sophistication needed to mitigate these threats are not available to the smaller size businesses who are producing as much critical information as major enterprises/corporations do. So now we have major companies doing business with smaller companies and the threat now becomes that of the small company who is handling the data/information.

This is where the change in the threats landscape comes, as you are now vulnerable through association and the partners you have. Social engineering, drive-by downloads, phishing, pharming, URL/DNS poisoning, DoS and DDoS attacks and messaging threats are growing rapidly by the day. Companies are not implementing awareness programs for their users to stay abreast of the types of threats and how they are spread in and out of the business and home environment.

This week of awareness will address these issues through public speaking at various agencies, institutions and other organizations, media promotions on the air (TV and radio), in newspapers and across the IT channels, industry and vertical markets. We will be hosting an official conference to kick this off, and invitations will be sent to all avenues of the IT Security space. It will be hosted in NYC and the date and time will be confirmed shortly. This will make it a non-vendor, neutral environment where we can all get together as one without the vendor-to-vendor conflict issues.

The success of our Mobility/Endpoint Security Summit ‘MESS’ in May showed that we can pull together something good that appeals to all levels of businesses, big and small, public and private and across all verticals, and that they too are very much into looking ahead and reevaluating their infrastructure to accommodate the need for changes to come. As a result of the summit there have been synergies, business opportunities and new partnerships formed between the vendors and our organizations to position us as a force ready and able to address the needs of tomorrow’s threats today. I am confident that we will not face the challenges we did in putting together this event again, lessons learnt, we can do it.

I wanted to give you an early heads up as I have been pushing the plans to vendors, businesses and IT professionals, local communities and groups, to gain their support and I am happy to say that I already have 14 vendors across 6 states that have committed to being a part of this. The vision is real, the mission is strong and the unity is coming. We invite everyone to join in and participate in this great initiative for the future.

Over the next few weeks I will be promoting this through some of the government, educational, financial and legal verticals to gain support and traction towards the kick-off. I have already pitched the plans to some of you and received some receptive feedback from it.

If nobody wants to do it, we will, and bring it all together and set the pace for this on an annual basis. It must be done and done now, but most importantly, it must be done properly, as time wasted can never be regained and we have lost a lot of time and ground in this effort.

So please join me in this initiative, and I hope that we all see the value in what we do to promote a safe and secure future for the information technology superhighway.

I look forward to your feedback and comments.

About the Author:

Brett A. Scudder, President/CEO/Security Architect and founder of “The IT Security Suite” at http://www.the-suite.net

He can be reached at Brett.Scudder@theitsecuritysuite.com
