6. Views Security as an Ongoing Effort

The risks to organizational resources
are continually evolving.
Your organization's unique risk profile changes regularly
as a result of things like network reconfigurations, software
implementations and upgrades, system administration changes,
mergers and acquisitions, policy and procedure changes, and
employee turnover.
The
threats facing your organization change regularly too. Although
actual threat emergence is difficult to quantify, the CERT Coordination
Center's advisory postings provide a useful illustration
of threat emergence trends. CERT posts advisories for threats
that it deems critical, with a capacity for widespread impact.
Advisory postings increased by 29% from 1999 to 2000, and by
68% from 2000 to 2001.
Protective devices and protocols are designed to defend against
known and anticipated threats. It is not safe to assume that
they'll afford you protection against emergent threats.
Consequently, staying on top of your vulnerabilities must be
an ongoing effort. Your security plan should allow for periodic
reviews and updates of your security measures to ensure that:

Newly implemented resources and unauthorized employee
activities haven't added unidentified areas of vulnerability.

Your organization is protected against
emerging threats.

Other ongoing security activities that should be incorporated
into your plan include educating new-hires about security, boosting
waning attentiveness to security concerns, and addressing changing
organizational security requirements.
If you stay abreast of this issue, it need not become a resource
hog. If you don't, you'll see a rapidly diminishing
return on the security resources that you've expended to
date.