Implementing Homeland Security for Enterprise IT

There has been considerable effort put forth by numerous organizations to raise the awareness of the importance of cybersecurity. The work of the FBI, the NIPC, and InfraGard has helped to raise awareness of cybersecurity issues. There is a great deal of information available from all of their Web sites that could be helpful in creating internal cybersecurity awareness programs in an organization.

The computer-focused media, as well as the media in general, have also done an exceptional job in raising awareness about cybersecurity issues. Major virus attacks, for example, have been covered in news magazines, on national and local television news programs, and newspapers from New York City to Peoria, Illinois, to McAllen, Texas.

One of the leading organizations in the effort to improve awareness of cybersecurity issues is the National Cyber Security Alliance (NCSA) (www.staysafeonline.info). The NCSA was founded by a group of public and private organizations, including AOL, ATT, Apple Computer, Cisco Systems, Computer Associates, the Government Services Agency (GSA), InfraGard, McGraw-Hill, SANS, and TrendMicro. I was a member of the founding task force and made a monetary and time contribution as vice president of research for Computer Economics of Carlsbad, California.

The NCSA has been working to promote cybersecurity to businesses and individual computer users. Resources and guides available from the NCSA that may be helpful in internal awareness campaigns include the following:

• Security Fundamentals: Intro, Dangers/Defenses, Viruses, Passwords, and Wrap-up. This free course will provide you with an introduction to and a general awareness of computer security-related issues. It will allow you to identify what you can do in your role within your organization or at home to protect your networks, systems, and information against cyberattacks.

• Beginner's Guide to Computer Security. All computers, from the family home computer to those on desktops in the largest corporations in the country, can be affected by computer security breaches. However, security breaches can often be easily prevented. How? This guide provides you with a general overview of the most common computer security threats and the steps you, your family, or your business can take to protect your computer against these threats.

• Safe at Any Speed: How to Stay Safe Online if You Use High-Speed Internet Access. More people everyday are surfing the Internet using a highspeed DSL or cable connection. A high-speed Internet connection has many benefits, but it is also a tempting target for malicious people on the Internet because of those benefits. If you use a high-speed connection to access the Internet, you need to take some additional steps to protect your computer and the information stored on your computer.

• Home Network Security. Do you have a home network to share a printer or an Internet connection? Or do you operate a small business that networks its computers for e-mail or to share a connection to the Internet? Networks, just like stand-alone desktop computers, can be vulnerable to security threats. This guide will help you to understand networks and network security better. The information in this guide is especially important if you have an always-on or broadband Internet connection.

• A Glossary of Computer Security. Have you ever wondered what a firewall or smurfing is? Or what the difference is between a virus and a worm? This glossary will provide you with the definitions to these terms, as well as some other common computer security terms.

• Overview: Security. The Internet has fundamentally changed the way organizations approach security today. Companies face a myriad of network security risks: Web site vandalism, viruses, Trojan horses, denial-of-service attacks, data destruction and theft, and others. These security breaches can compromise application availability, data confidentiality, and data integrity and, most importantly, can interrupt business and cost resources to respond to attacks and fix any vulnerability. This document provides an overview of security for small businesses.

• What You Need to Implement a Network Security Solution. A breach in network security could cost your company a great deal in lost productivity, lost data, repair work, and loss of confidence among customers, partners, and employees. To prevent a breach, you just need a solid security strategy and a well-planned implementation. This document discusses network security tools, benefits of network security, strategic and deployment considerations, timelines, and measures of success.

• 'Building In-Depth Security for Small and Midsize Business Networks.' Network security is becoming an increasingly important concern for small and medium-size companies. A breach in security can have a significant impact on customers, costs, and operations. This white paper discusses the security requirements that small to medium-size businesses face and how to design secure wired and wireless networks.

The NCSA also provides a list of ten tips that can readily help improve cybersecurity. The tips may be helpful in creating awareness or training materials for use in an organization. These tips can be very helpful if employees access the organization's computer systems or networks from home. A full explanation of the tips is provided at the NCSA Web site. The ten tips can be summarized as follows:

1. Use protection software and antivirus software and keep it up to date.

2. Don't open e-mail from unknown sources.

3. Use hard-to-guess passwords.

4. Protect your computer from Internet intruders-use firewalls.

5. Don't share access to your computers with strangers. Learn about file-sharing risks.

6. Disconnect from the Internet when not using it.

7. Back up your computer data.

8. Regularly download security protection update patches.

9. Check your security on a regular basis. When you change your clocks for daylight-savings time, reevaluate your computer security.

10. Make sure your family members and/or your employees know what to do if your computer becomes infected.

The SBA and NIST have combined efforts to reach businesses of all sizes with the latest cybersecurity advice. The SBA Solutions Newsletter has run numerous articles, including the following, that provide good advice to those businesses that may not have full-time IT staff:

• 'Virus Protection' (July 2003)

• 'Preparing for Contingencies and Disasters' (June 2003)

• 'Choosing a GOOD Password' (May 2003)