
Network is a Network Not

By Dan Hadaway | Thursday, August 18, 2011

Four Conditions Laid Out…


…For Why a Network Can be Anything But!
Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .


I have to admit that infotex is being called into engineering meetings with larger organizations these days that are not community-based banks. We are finding the paradigm shift to be interesting. For one, the most experienced people in a non-regulated business sometimes do not understand security as well as the least experienced person in a bank. I have interacted with CIOs who do not know what a strong password is. In one case I was scolded because I made the unfortunate comment that a network is a network is a network. I realized that was an unfortunate comment because it is extremely important for any vendor to any organization to understand the nuances of that organization’s existing information system and the underlying infrastructure, which includes “the network.” But I also needed to push back to that person, after demonstrating that we understood those nuances, to help him understand that in the eyes of an attacker his network is no different from any other network. His network has four conditions.

1. There are always vulnerabilities on his network. There are known vulnerabilities, but there are also unknown vulnerabilities, and those vulnerabilities can be exploited.

2. There is data in the network that can be leveraged. Whether or not that data is regulated, whether or not that data is classified, that data could be ransomed, stolen, or used to extort members of the organization.

3. There is a method of monitoring, or a risk management system, or what infotex has already called “an IT governance system,” that oversees the control of risk. What the attacker knows about that third condition is that it needs to be avoided. The way the attacker avoids the monitoring system is by being aware of the fourth and final condition of any network, which is exactly what the CIO was saying.

4. A network is not a network is not a network. A network is impermanent; it is constantly changing, and therefore the monitoring needs to be consistent no matter what the network ends up being.

The point is that the SIEM needs to be able to monitor the network through the ever-evolving state of that network.


Original article by Dan Hadaway CRISC CISA CISM. Founder and Managing Partner, infotex

“Dan’s New Leaf” is a “fun blog to inspire thought in the area of IT Governance.”

 

