IT security threats have changed significantly from years past when the bulk of attacks were instigated by hackers seeking notoriety within underground cyber communities. Today, attacks have rapidly evolved from being directed at daily users of the Internet to highly targeted attacks on government and corporate IT installations.
With the use of technology in so many areas of our lives - from those that we see every day such as our computers to others we don't think of, such as traffic light controllers - it's important we take a holistic view of our systems and make security a part of everyone's responsibility.
While the demand for skilled IT workers has never been greater, a tighter rein on municipal budgets and overall spending has forced many Canadian cities to place less emphasis on IT staff training. Most municipal IT training is done on a yearly or biannual basis, meaning staff don't necessarily access the most up-to-date information on IT security.
One municipality that is taking a proactive IT security stance is the City of Mississauga, Ont. As one of Canada's largest municipalities, Mississauga is responsible for a wide range of services and operates as a mini-conglomerate with numerous different businesses under the single umbrella of the City of Mississauga.
In many of these areas, IT security is an integral part and IT staff are seeking new resources and avenues to obtain the latest security information. The City's IT staff have begun reaching out to the Canadian IT security community by participating in local user-group meetings.
These meetings offer an opportunity to obtain the latest information regarding IT security and share experiences with other group members in a social, vendor-neutral and convenient environment. "IT staff need to share information on a regular basis in order to remain current," says James Lin, an integration specialist for the City.
"Community-based user-groups enable IT staff from all organizations to stay up to date without having to go it alone. We can learn about other user experiences with all types of common tasks such as database security, intrusion prevention, compliance and identity, and access management issues."
IT professionals are increasingly turning to their peers and the wider IT community for security-related information and advice. There is an extensive Canadian IT security community that municipalities and IT professionals can draw on.
New relationships can be cultivated at several regional, national and international user-groups, such as the Toronto Area Security Klatch (TASK), High Technology Crime Investigation Association (HTCIA), and industry associations liker the Information Systems Security Association (ISSA) and Canadian Information Processing Society (CIPS).
These groups also provide a forum for experts to take part in discussions and share their expertise on the latest trends and security threats. Members include information security practitioners, managers, network administrators, students and anyone interested in learning more about securing information.
In addition to the community user-groups, e-newsletters and online Web forums, blogs are also becoming a main point of reference. They are the new knowledge centres for both government and corporate IT professionals because they tend to be vendor-neutral and provide real-world examples of IT security. Some of the more popular IT security blogs are Windows Vista Security Blog, MSRC Blog, Port 25 - OSS Lab @ MSFT and Tales from the Crypto.
"As one of the largest and fastest growing municipalities in Canada, we have to do a balancing act to provide residents with the best possible service, while also being the most trusted and secure partner we can possibly be," says Lin.
"While security threats continue to grow in sophistication, public-sector IT workers must focus on making the best use of what's available within the Canadian IT security community."
Although the Canadian IT community has made huge inroads in the area of security, we need to continue to share our experiences and make things easier for frontline IT workers in both the government and corporate sectors.
As budget constraints are a constant across all sectors, IT staff need to capitalize on these new methods to streamline the information retrieval process. Municipalities are one group forging this new path for other industries to follow as they prove they can adapt to today's new IT security challenges.
As a result, more individuals from different worlds will begin to talk together, making life simpler for IT staff across all industries. It is always easier to find a solution collectively versus individuals working on their own, and this is where IT security is going today.
Bruce Cowper is a senior program manager for Microsoft Canada. He can be reached at bruce.cowper@microsoft.com