Think publicly reported monetary costs of intrusions are chilling? Consider this: According to 8,100 global technology and security professionals polled by InformationWeek, only 18 percent report incidents to CERT or government authorities, and only 14 percent keep business partners in the loop.
If you have not yet crafted an asset-centric, defense-in-depth strategy, this is your wake-up call. Organizations don't need more expensive security controls; they need more effective ones, and a few points can help the process. A holistic approach that balances policy, process and technology is paramount. We must become less perimeter-centric and more asset-centric because the reality is that we can't protect it all. Bulletproof security does not exist.
Forward-thinking security teams are aligning themselves with the business side of their organizations to create asset-classification systems. These systems can help security teams choose the battles to fight and prioritize deployment efforts. If you use our guide and work smart by putting fundamentals like vulnerability management and intelligent firewalling in place before branching out to niceties such as intrusion detection, 2003 could be the year that the good guys start gaining some ground.