How Secure is Secure Enough?
Published July 2012 by Rashaad Bajwa
The information security threat landscape changes on a daily basis. How can today's community and regional banks be proactive in protecting their IT infrastructures and their customers' sensitive financial information?
Similar to evolution in nature, banks that don't evolve fast enough face increasing risks. If they can't keep up with the changing security threats around them, they may not survive a critical security event. The problem is that most banks don't have a comprehensive view of their IT security practice or an understanding of where they are most vulnerable. Due to regulatory mandates, most have basic safeguards in place and can read off the last IT exam results, but they don't have a tool to evaluate their effectiveness or the areas where they are still at risk.
To help banks become more self-aware, data security industry experts RSA and ESG developed an information security management model, which is broken into four phases. The model is designed to help banks find out where they are and to figure out where they want to go in the future to protect themselves. As a bank matures over time in its IT security practice, it will find itself moving through these four phases.
Determining which phase is secure enough for your bank will most likely be a function of size and risk sensitivity. It is extremely important to note that the most secure banks are not necessarily the ones with the most security products. Security is not about a tech soup of software installed in your environment. It is about developing a mature security practice that mitigates risks and provides a reliable and secure IT environment that enables the bank's business to safely flourish. Following are some observations and insights for applying the model to your bank's IT security posture, based on the experiences of Domain's engineers in the field.
PHASE 1: THREAT DEFENSE
Starting in the 1990s with the Internet and our increasingly connected online world, those of us who are responsible for securing IT environments have been trying to determine which security solutions provide the best protection. We all started with the basics: antivirus and firewalls. Most of these are reactive to known threats as we hear about them or, if we are too slow, are impacted by them. Over the years the technologies changed and matured and we added more, as budgets allowed or vulnerabilities required. The antivirus category grew to become "endpoint protection" and the firewall category grew to include intrusion protection and filtering. Every week, a new "must-have" security tool surfaces that is purchased for the toolbelt. Adding security tools, we hope that they work as advertised, keep the bad guys out and make us "secure enough."