IT Security Best Practices Jerry Crow Maricopa Association
IT Security Best Practices Jerry Crow Maricopa Association of Governments Telecommunications Advisory Group October 23, 2003 1
Trends • • Jerry Crow General IT security, always important, is becoming ever more visible in the media. Active defensive reactions to this threat are becoming ever more sophisticated (read: complex). 9/11 accelerated defensive response evolution considerably Alphabet soup of organizations formed to respond: DHS, ISACs, PCIPB, etc. 2
Trends • • Jerry Crow Microsoft Direction MS has created and fostered an astonishing situation: customers line up to test software products Two years ago: month-long "nothing but security"; largely image, but an improvement Recent remarks by Steve Ballmer bode well for end users of MS software and those that manage the platforms they use. Reminiscent of 1994 and the web 3
Trends Current "Big" Thing Wireless networking security • Products tend to be "wide open" out of the box; end user convenience issue • Original security "standard" (WEP) was inadequate; can be rather easily circumvented by contemporary technology • Security improving rapidly; state-of-the-art is reasonable • Cost and convenience ensure wireless networking is here to stay • External threat: war driving • Internal threat: rogue access points Jerry Crow 4
Information Sources on the Web • www. sans. org Lots of practical security related info • www. researchedge. com/atic/cybersec/ ATIC website – Cyber Security Committee • gita. state. az. us Excellent source for policies, standards • www. nist. gov Excellent source for reference material, "how to" documents • www. dhs. gov Large website – significant amount of info Jerry Crow 5
Information Sources on the Web • www. security. state. az. us AZ Do. A site • www. infragard. net Infra. Gard site; national • www. infragard. net/phoenix Infra. Gard site; Phoenix chapter Jerry Crow 6
Bottom Line • Constantly strive to increase staff awareness of IT security issues • Monitor policies, references, procedures, etc. on a regular basis • Watch MS monthly security updates • IT security is a process, not a product. • Word of the moment: agility Jerry Crow 7
- Slides: 7