ITXPO - Most IT security problems are self-inflicted

-- Companies shouldn't go overboard protecting their systems from internal attacks launched by employees. While critical servers should be guarded, applying the same level of security inside the company that is applied outside could hamper productivity.

-- In most cases, trying to find out who launched an attack against the company isn't worth the effort and money. This type of after-the-fact investigation is best left to government authorities.

-- Companies should spend extra money to buy security services from their Internet service providers (ISPs) to nip attacks at the ISP level, before the attacks hit companies directly.

-- Companies should outsource day-to-day grunt security tasks to outside service providers, to free their internal IT teams to do more strategic security planning and design.

-- A company's security strategy and its security policies must evolve and change to continually support and benefit business processes. Otherwise, security measures will be seen as an impediment and will be abandoned.

-- Some 50,000 of a total 25 million Web servers got hit by attacks in the year 2000, a figure that is expected to climb to 200,000 in 2001, or to 1 million counting Code Red victims.

