Information Security Magazine
Ping: Nikk Gilbert
Issue: Jan 2007

When Nikk Gilbert was hired as IT security and telecom director at Alstom Transport, a massive manufacturer of trains and other large vehicles, he wasn't quite sure where to start. Alstom, which operates in 60 countries, had never had anyone dedicated to security, so Gilbert started at the beginning with a detailed network security assessment. What he found offers a number of important lessons for security pros everywhere.

How challenging was the situation when you got to Alstom? There was no dedicated IT security person--I was the first one--so when I came in, I wasn't sure what to expect. The thing that was on my mind was to get a feel for the network. Unfortunately, a complete network map was unavailable. So I started a LAN/WAN survey with tools I like to use. I got a quick snapshot of how big the network was.

What are the most common security mistakes you find? There are several key things people have to do:

If you have a large enterprise network, you need to have global patch management. You have to get systems up to required security levels. There were a couple of situations where we had to take it to the next level. Some computers are connected to manufacturing machines that can't be upgraded. We've employed an IDS/IPS firewall in front of them to segment them from the network.

Second is antivirus. Every system has to have antivirus. In a global enterprise, you have to have global distribution.

Next thing would be IT security policy. Unless you're monitoring and controlling, it's just paper.

You have to have a good balance of security and customer service. When I roll out a new program, I try to find a way to make it attractive to the user. For example, single sign-on with a smart card is a way of providing good customer service: Asking the user to remember one PIN versus 20 passwords goes a long way.

That's an interesting attitude. A lot of IT folks tend to think of the users as a necessary evil. Yeah, but that's not where all this is going. Maybe the scare tactics worked five years ago when the CSO went into the CIO's or CEO's office and said, "We have to lock everything down or we're going to lose billions of euros." Now we know it's business that drives IT, not the other way around. Security professionals have to focus on presenting a business case and doing proof-of-concept to show a return on investment. That's the IT security professional of the future, I believe.


Read the full version of this interview with NIKK GILBERT at searchsecurity.com/ismag.
