What are the top five high risk areas in a network operations environment?

Although continuity plans, encryptions, and change controls are important security concerns within an organization, they are only some of the components that make up a successful security-integrated business program. Expert Shon Harris explains.

Shon Harris , Logical Security

What would you say the top five high risk areas are in a network operations environment, for example business continuity, encryption, change control etc.?

I'm not going to select the top five areas, because they are all needed. Let's take a closer look at why using your three examples:

If a company doesn't have a business continuity plan when a disaster occurs and assets are devastated, the company could go out of business.
If an organization doesn't encrypt sensitive data, it could be found guilty of non-compliance, or if the data fell into the wrong hands a company could end up in the headlines because a thief got a hold of your customer's personal identifiable information.
If an organization does not use change controls and changes are being made in an unauthorized manner, the company essentially loses money in operational costs, and this directly affects the stability of a corporate environment.

And, barring these three items are under control, if an organization doesn't implement proper wireless security then someone can use that avenue to carry out destruction. Likewise, if proper access controls aren't in place there is a possibility for fraud, and unauthorized access to sensitive data and company assets. Additionally, if security awareness training is not provided, then your organization may be non-compliant with one or two regulations, your users will not be informed on their responsibilities and you could be opening up your organization to potential civil suits.

There are just too many things that organizations need to carry out within their security program. Most organizations are very technology-centric and do a great job on implementing and maintaining firewalls and their perimeter security, but fall short on personnel security, data classification, access control and auditing. ,

So every organization has their own top five things that they need to work on. The industry as a whole is behind on many of the softer security skills (data classification, personnel security, risk management, process management, incident response, etc.), and if one piece is missed, it can negatively affect the company in different ways.

In my experience I have found that most organizations, and even security professionals, do not fully understand ALL of the components that make up a security program. Because organizations and people are so technology-centric they do not know how to properly integrate security into business processes. While, this is getting better over time because regulations are requiring organizations to do a lot more than just implement products, this is an evolutionary process and we are going through a lot of growing pains as an industry.

For more information

Attend our Identity and Access Management Security School and learn how to integrate security into the network.

Learn how to create a corporate security culture.

This was last published in September 2006

What are the top five high risk areas in a network operations environment?

Although continuity plans, encryptions, and change controls are important security concerns within an organization, they are only some of the components that make up a successful security-integrated business program. Expert Shon Harris explains.

Dig Deeper on Information security policies, procedures and guidelines

Planning a zero-trust strategy in 6 steps

As compliance evolves, it's time to re-address data classification

5 to-dos for your GDPR compliance checklist

Adding a cloud security policy to your overall IT defense strategy

Related Q&A from Shon Harris

How should security and networking groups manage the firewall?

How can a call center achieve compliance with ISO 27001?

Should an organization centralize its information security division?

Start the conversation

0 comments

Please create a username to comment.

SearchCloudSecurity

Choosing between proxy vs. API CASB deployment modes

How to use the Mitre ATT&CK framework for cloud security

How to build a cloud security operations center

SearchNetworking

Network pros share Cisco DevNet certification advice

Cloud automation use cases for managing and troubleshooting

A look inside the official Cisco DEVASC 200-901 guidebook

SearchCIO

5 ways to keep developers happy so they deliver great CX

Link software development to measured business value creation

5 digital transformation success factors for 2021

SearchEnterpriseDesktop

11 tips to improve Windows 10 performance

Microsoft Pluton chip will secure future Windows PCs

How does Microsoft 365 extend Windows 7 support?

SearchCloudComputing

A conference guide to AWS re:Invent 2020

Cognito user pools vs. identity pools -- what AWS users should know

How to containerize legacy applications in an Azure migration

ComputerWeekly.com

This Christmas, Covid-19 heightens retail security risks for everyone

Broadband access drives New Zealand remote working to be permanent fixture

Government must hold technology companies to account on e-waste