Writing in Foreign Policy, the former inspector general of the National Security Agency identifies four ways the U.S. can bolster its defenses against cyber-security risks. Much of the guidance the author, Joel Brenner, provides also can help organizations shore up their own information security.
In fact, some of the key steps identified in the article probably can be implemented within companies more easily than they can be put into place by the federal government.
“Companies that wait for the government to ‘solve’ their own security problems do so at their peril,” Brenner warns. Yet, his guidance is light on gloom and doom -- and it sounds surprisingly straightforward to adhere to. “This is an old-fashioned management challenge -- not a technological one,” Brenner asserts.
Companies can start by figuring out which intellectual property and physical assets are in greatest need of safeguarding because it is impossible to protect everything. Second, companies should keep in mind that technology represents one of several important facets of an effective cyber defense. “Unless technology is integrated with personnel practices and operational security, it opens vulnerabilities that its users rarely understand,” Brenner explains. “This kind of integration requires the automated enforcement of reasonable security policies and systematic workforce training; and that occurs only when management, the lawyers, and the technologists work closely together.”
Finally, the article recommends that companies -- with strong direction from their boards -- ensure that IT security is a risk-management priority; one way to do so is by conducting IT security audits on a regular basis. That focus will help address the “weakest link in any system:” the people who use the system.