The protection of information and information systems is becoming exceedingly complex and challenging. Fundamental to the safeguarding of critical assets, i.e. information and information systems, is an effective corporate security management program.
As mentioned in previous "Web Browser" columns on security, there are numerous Web sites and best practice reports which will assist management in the improvement of their security management practices. For a quick update, access CIO Canada's "archive" section at www.itworldcanada.com/content/main.cfm and review the October and December 1999 Web Browser columns on improving security practices. Also, for your information, all CIO Canada issues since December 1998 are now available for review and printing at this site.
The SANS Institute is another organization that will assist your security efforts. Study the SANS Institute's Network Security Road Map which is available on their Web site at www.sans.org/newlook/publications/roadmap.htm.
The Road Map provides comprehensive information developed by leading experts including ideas and suggestions on:
Integrating Security Into Your Organization;How to Get the Work Done;Where to Find the Right Information; andPitfalls and Vulnerabilities.
Every security administrator in your organization should visit this site periodically to obtain tips, tools, and ideas to enable them to strengthen the security management program.
www.sans.org/newlook/home.htm
The SANS (System Administration, Networking, and Security) Institute is a cooperative research and education organization through which more than 62,000 system administrators, security professionals, and network administrators share the lessons they are learning and find solutions for challenges they face. As a part of this effort, SANS offers a series of exceptional educational conferences featuring up to eight days of in-depth courses and multi-track technical conferences focusing on user experiences and problem solving. SANS also produces a series of cooperative research reports, electronic digests, and posters of authoritative answers to current questions.
www.infowar.com
Informational warfare has been active for a long time. This site is an excellent source of information on what the emerging threats and security risks are. Protection against hackers, terrorism and espionage, Internet crime, viruses, denial of service attacks, etc., will be improved after exploring this site. Plan on visiting this location often -- new issues emerge almost every week, unfortunately.
Documents to Assist Every IT Department
The new year brings new challenges and new opportunities. The documents at www.cio.gov/docs/committee_topic.html have been developed to assist CIOs at various U.S. Federal Government Departments and Agencies. They constitute one of the most comprehensive libraries I have come across to date. Bookmarking this site may be one of the most cost-effective things you do this year.
Leading Web Sites Supporting IT Security
www.cert.org
csrc.nist.gov
www.cse-cst.gc.ca
www.isaca.org
www.infowar.com
web.mit.edu/security/www/
www.gao.gov/special.pubs/pdf_sing.pdf
www.sei.cmu.edu/cmm/cmms/cmms.html
Best Practices for IM/IT
www.sei.cmu.edu
www.cio-dpi.gc.ca
www.itpolicy.gsa.gov
www.cio.gov
www.itrb.gov
Dan Swanson is a management consultant with LGS Group in Winnipeg. He specializes in audit and management consulting and can be reached at dswanson@lgs.ca.