5 ways to make sure you aren't the next Wikileak

By Chris Knotts, VP of technology and innovation at Force 3, Network World |  Security, Wikileaks

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Government and intelligence officials around the globe have been caught off guard and in many cases embarrassed and compromised by disclosures of documents on the Web site WikiLeaks.

For security and IT professionals, these leaks serve as an important wake-up call to improve policies, procedures and safeguards. Here are five key tips to help your government agency or enterprise avoid being the source of the next Wikileak.

UPDATE: WikiLeaks' Assange awaits extradition decision

I. Security Policies and Procedures. Every government organization or enterprise must have policies in place to define who gets access to what information, and when. These policies and procedures must be actively maintained and updated and properly communicated. Then, the security policy can be administered by leveraging technology and putting the proper tools in place to secure, enforce, and mitigate risk to the organization.

In the October 2010 WikiLeaks case in involving some 400,000 U.S. military documents about the Iraq war, policy could have limited access to the systems that contained the sensitive information to those that had a "need to know."

In highly sensitive information environments the policy should require strict management, monitoring and control of access only to people who have a legitimate need to know. Governance, Risk and Compliance (GRC) tools allow organizations to automate some aspects of this task by overlaying security policies and controls over corresponding data sources from switches, routers, security platforms, servers, end points and applications, for a real-time view of their state of compliance.

However, no policy can be 100% effective, and many organizations will experience someone on the inside who has met the policy requirement, does have a legitimate need to know, but has illicit intentions. In these cases the security technology should provide the next layer of defense to meet these internal threats.


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness