Tag Archives: Improvement

Pragmatic Approach to Security

Security, security, security. It keeps CIO’s awake just thinking about it. Just ask the US State Government CIOs. The challenging thing about IT security is that it covers nearly every aspect of IT from design and build around networks, platforms, applications through to threats, risks, mitigations and identity. The good news is that the budget for IT security seems to be on the rise. With all that extra money, the only question worth asking is what to spend it on?

Apart from simply suggesting that the extra cash could be spent on complying with the top cyber intrusion mitigations identified by the Australian Signals Directorate with their Top 4 and their extended Top 35 – as valuable as they are, perhaps those extra funds could be spent on the basics surrounding good design. In this case I’m referring to the pragmatic use of:

  1. Network zones.
  2. Controlled ingress and egress points.
  3. Layered security.
  4. Redundancy in your controls.

Continue reading