Category: Uncategorized

1. Build on the right spot
2. Have redundant utilities
3. Pay attention to walls
4. Avoid windows
5. Use landscaping for protection
6. Keep a 100-foot buffer zone around the site
7. Use retractable crash barriers at vehicle entry points
8. Plan for bomb detection
9. Limit entry points
10. Make fire doors exit only
11. Use plenty of cameras
12. Protect the building’s machinery
13. Plan for secure air handling
14. Ensure nothing can hide in the walls and ceilings
15. Use two-factor authentication
16. Harden the core with security layers
17. Watch the exits too.
18. Prohibit food in the computer rooms
19. Install visitor rest rooms

http://www.csoonline.com/read/110105/datacenter.html

Subramaniam Ramadorai, chief executive of Indian IT services giant TCS, said that firms should also mitigate risk by ensuring they have backup sites at multiple locations.

Martyn Hart of the UK’s National Outsourcing Association said further attacks could cause companies to avoid developing their own sites in favour of outsourcing work to Indian service providers with established security procedures. Further attacks could also discourage Western managers from visiting Indian sites to better integrate onshore and offshore work.

http://www.itweek.co.uk/itweek/news/2148252/firms-offshoring-india-urged

Processes, procedures and tactical operations must be driven by strategic goals based on your critical assets to ensure that the security program is in step with the enterprise’s business needs. As a result of this alignment with business needs, a strategic security program will enable business and provide tangible metrics to demonstrate its effectiveness.

In an asset-based security program, the information gained by each operational process is tied to the relevant assets. By focusing on the critical assets that your security program is in place to protect, you put in place an underlying foundation that individual security processes can link into. Think of your assets as being the “glue” that holds together a strategic security program, allowing the information gained by one individual process to be readily utilized to by the other processes. And by enabling the flow of information between security processes that are typically isolated “information silos,” you set in place the mechanism that drives continuous improvement across your entire security program.

Tactically speaking, asset-based security allows you to better manage operational workflow by pointing out which security efforts would reduce the most risk. A few days before, several vulnerabilities were publicly disclosed detailing exploitable flaws in your databases. During peak business hours, your IDS detects many possible incidents including a buffer overflow attack directed at your R&D database server. Because your security program is integrated around your assets, the R&D database server is immediately recognized as a highly critical asset that, according to the newly disclosed vulnerability data and ongoing vulnerability scans, is vulnerable to the buffer overflow attack detected by your IDS. The incident stands out from the rest of the alerts and is escalated as the highest priority and your security team reallocates their resources to mitigate the threat immediately, maintaining the integrity of your intellectual property.

Strategically speaking, an asset-based security program keeps intruders out by ensuring that all individual security processes are focused on what matters most to your business-the risk faced by your critical assets. Regardless of what the preferred method of attack will be in the future, the target will still remain the same.

http://www.net-security.org/article.php?id=888

Using a risk-management approach, many companies, for instance, accept a priori that all its activities have risks. The challenge then becomes spending your resources to protect the business from likely security threats. This adds a third dimension to the classic cost-benefit analysis.

You can apply this approach to just about any kind of company. Begin this analysis by categorizing your potential security projects according to their business impact. Here are the categories, in order of importance:

• Enablement: Your enterprise will earn the most return on its investment from security projects that serve as obvious enablers to lines of business.
• Protection of key assets
Opportunity: Opportunistic investments typically result in cost savings or process improvements.

http://www.securitypipeline.com/166400617

Earlier this month, the CBO released a report with projections on the likely economic impact of a pandemic on the United States, and concluded that in a “mild” scenario, 100,000 Americans would die and the gross domestic product (GDP) would drop 1.5 percent.

http://www.securitypipeline.com/news/175003156;jsessionid=L4U2AUHYNRLYYQSNDBCSKH0CJUMEKJVN

Most organizations spend a tremendous amount of resources, time and money to protect their network perimeters from Internet-borne threats and hackers. But no matter how good a defense may be, it usually falls short in addressing the vulnerabilities inside the network at the application layer.

Recent research findings indicate that the application layer is one of the highest-risk areas and where the most potential damage can occur, either through insider targets or lack of protection. As a result, confidential company information can be exposed, resulting in harm to a company, its customers and its reputation. While many variables affect Web application security, improving security in a few key areas can help eliminate vulnerabilities.

It’s critical that security be included in the initial Web design and not retrofitted after the application is developed. While some experts argue over where and when security integration and testing should be applied in the development life cycle, no one would argue that it has become an essential ingredient.

The software industry is making headway in this area, with some providers offering incentives to development teams to integrate security during the application development process. Integrating security into the application development life cycle is not an all-or-nothing decision, but rather a process of negotiation within policy, risk and development requirements. Engaging security teams — in-house or outsourced — during the definition stage of application development determines the security areas necessary to satisfy policy and risk tolerance in the context of the organization.

http://www.computerworld.com/securitytopics/security/story/0,10801,106805,00.html