Does your organization spend more on coffee supplies than on IT security? 

“If so, then you are definitely vulnerable to a cyber attack,”

Richard Clarke, the former White House Cyber Czar, agreed during a keynote speech and stated:

“What’s more, you deserve to be attacked.”

An hour of downtime is death.

Are you prepared?

Once you install a Web server at your site or have any device that connects you to the outside world, you have opened a door into your local network for external visitors. Network administrators state you are opening up security holes. You have to bear the risks associated with these openings. Web servers that are not configured correctly or that have bugs can allow unauthorized remote users to access information that is not intended for them.

The days of the lone hacker, successfully guessing and typing in random user IDs and passwords, are now ancient history.

Today’s computer hackers are highly automated and are involved in a vast network (community) with the latest tools that will launch a relentless wave of attacks at your business for as long as it takes to bring you down.

Hackers can execute server commands to modify the system, gain information about the Web server’s host machine or launch attacks. These hackers may also attack client-side browsers and, through the hole, retrieve users’ personal information. Network data sent from browser to Web server or vice versa can be intercepted by eavesdropping. Hence, all your information is vulnerable to interception if there is no proper system security on both the browser and server sides.

Information Security refers to all aspects of protection for information. Most often, these aspects are classified in three categories: confidentiality, integrity, and availability of information. Confidentiality refers to the protection of the information from being disclosed to unauthorized parties while integrity refers to the protection of information from being changed by unauthorized parties. Availability refers to the information being available to authorized parties when requested.

So do you have any way of gauging how effective your organization’s information protection plan is? If not, what kind of questions should you be asking? Does your organization even have an information protection plan? If not, where would you begin? What kind of electronic commerce controls should be in place?




  1. Ray says:

    Love this blog