Taking security on the offensive

Flask Data provides a one-stop cloud subscription for EDC, data management and statistics.

I believe many people involved with IT security have a feeling of frustration that stems from continously reacting to external forces: spam attacks, spyware attacks, insider threats, analyst reports and new product announcements. Is it possible to be an information security officer and mitigate threats to confidentiality, availability and integrity of data in a proactive fashion?

Well, step back and consider three basic tenets of IT Security

  • Information Security is Warfare.
  • Most of your information security strategy is reactionary with “Penetrate and Patch” methods
  • Few implementations address the collection of information about attackers.

The key Elements in Information Security Strategy

I propose to stop reacting and go back on the offensive, with a proactive security strategy based on control, collection, capture and change:

Control: Managing the access of information to and from the network and systems.
Collection: Gathering information about user habits and systems behavior.
Capture: The capture of information from anomalous events on the network.
Change: Adapt the security posture to meet new situations.

By basing both defensive and offensive tactics on these four strategic elements, you can poractively control who accesses your network, collect information about abnormal transactions, capture anomalous events, and adapt your security posture to meet changing situations.

Defensive Information Security Tactics

  • Network Access Control.
  • Host Access Control.
  • Intrusion Prevention Systems
  • Data loss prevention (DLP)
  • Application firewalls
  • Backups

Offensive Information Security Tactics

  • Honey Pots and Honey Nets.
  • Attacking and auditing your own systems.
  • Proactive response to attacks.

Acknowledgement: Christopher Neitzert (Chris@Neitzert.com) who was the first to delve into how to improve information security with a combination of both offensive and defensive tactics.

Related Posts Plugin for WordPress, Blogger...

Flask Data is a technology company with a strong people focus. We are a diverse group of computer scientists and clinical operations specialists based in Israel, the US and India. We are accomplished at providing our customers with the most effective way to achieve high quality clinical data and assure patient safety. There is no single solution that works for every clinical trial. We work hard to understand your unique situation. We work with your team to develop the best solution to achieve high quality clinical data and assure patient safety the same day you engage with patients.

Flask Data – same data data and safety solutions for clinical trials.

Contact us to learn more

Tell your friends and colleagues about us. Thanks!
Share this

Leave a Reply