With the increased reliance upon technology to conduct business, organizations must effectively manage risks while facing new threats to their operations. Primary risks include inadequate security and authentication processes, the increased frequency and complexity of computer viruses, corporate espionage, Internet and extranet connectivity, social networking, and the endless stream of software patches to resolve vulnerabilities. Not only must organizations safeguard against the loss or disclosure of confidential information, but they must also respond to the increase in compliance and regulatory requirements being mandated by industries, customers, and governments for protecting and retaining information. As a result, organizations are realizing the need to manage their risks and implement programs to protect their entire enterprise, not just the Internet access points or individual desktops. Additionally, the proliferation of smartphones, PDAs, wireless access points, vendor and partner connections, and remote users is not only stretching the network perimeter, but challenging yesterday’s support models as well.
In the past few years, network threats have shifted away from individual hackers mostly interested in stealing data to a second, more malicious wave of intruders intent on damaging or destroying networks. Information Assurance (IA) industry leaders believe the world has entered a third threat phase. In this new environment, the concern is the threat from organized crime attacking government infrastructure and Fortune 500 companies. In the past, the focus was on the lone hacker working in a room; this third phase of attacks can best be characterized as well-funded computer laboratories operated by teams of skilled programmers. The Defense Department has already determined that the next major conflict will have a cyberspace component.
This growing awareness of cyber warfare has led the Defense Department to release Directive 8570, which focuses on building the workforce necessary for a cyber-savvy military. This problem is not unique to government: it is estimated that 90% of the U.S. critical infrastructure is privately owned. For this reason, it is important that all organizations establish a sustained security program that protects the integrity, confidentiality, and availability of critical systems and data. In future segments we’ll explore Information Assurance in more depth.