Editor's Blog and Industry Comments

Internal threat encyclopaedia review

20 August, 2008
The online internal threat encyclopaedia from Promisec provides a useful insight into the latest gadgets and novelties that employees might be using that could pose a threat to IT security.

Security threats to corporate IT systems are becoming less of an IT issue and more of a management problem every day, but managers are persistently reliant on the IT department to let them know what's going on, what constitutes a threat, how critical it is and what needs to be done about it. Managing such problems shouldn't require a detailed knowledge of how everything works, hence the popularity of "dashboard" and "console" type products that provide overviews and summaries which signal the manager when to start digging deeper and involving the technical experts.

However, you can't have a dashboard which tells you what hasn't already been defined, and one of the major management difficulties with IT security is that it is constantly evolving, with the kinds of threats changing and even the direction from which they're coming.

The techies are the ones who are supposed to stay on top of all of this, making sure that the software is up to date, the signature files updated, policies are being adhered to and all the leaks both in and out of the organisation are well and truly plugged. However, the business managers still need to know what's going on and what questions to ask.

To go some way towards this, Promisec have come up with the online internal threat encyclopaedia on their site, which can be viewed at www.promisec.com/encyclopedia and which provides something of a dashboard type layout with the top five and newest internal threats along with their criticality. There is also a full alphabetic listing of all internal threats. The system is live so will remain updated, saving the need to be polled by IT personnel, but there's no RSS feed, so the only way to get live updates is to subscribe to Risk Alert Feeds by filling out a form, which will provide you with live updates while enabling Promisec to keep its marketing database up to date.

The site itself is largely self-explanatory, and the obvious question about how the criticality is determined is answered in the "Definitions and formula" link from the main page.

This encyclopaedia differentiates itself from the more standard threat library sites, such as the very useful virus library from McAfee, because it focuses on internal threats rather than those that come from outside. It has been established with little doubt that the biggest threat to IT systems remains internal, with the uncontrolled use of such social networking sites as Facebook and tunnelling relay chat applications. It is also known from a number of surveys that corporate leaders are still focusing on external threats whilst paying scant attention to internal threats. Maybe it's time to change, and the first step in understanding how to do this is to look at the Promisec site.

As for the second step, this is where the Promisec site could go further and provide managers not only with a list of threats and their criticality, but also with a way forward - maybe a white paper on internal threat reduction strategies, details of what various protection measures can and can't offer and a guide to protection through policy management.