Thursday, March 18, 2010

Hacker Series (Part 4)

Every new innovation in networking speed and usability comes with an equivalent increase in risk, so companies must keep up with the onslaught of threats present throughout the web. Companies keep up by implementing patches, or "quick fixes," for the programming flaws that expose their Internet security. Over the last 30 years there has been a rise in the use of firewalls, antivirus software, and spam filters as IT managers fight to protect the technology, but it is a battle with a new front daily. This makes it critical for IT managers to stay educated about advances in threats and defenses through journals, magazines, and conferences.


A recent article in Business Wire Magazine (2009) described another threat to business: hackers are able to steal contact lists and classified documents from smartphones like Blackberries. These phones have enhanced features, allow peers to communicate, allow Web browsing, and have multiple voice and data interfaces. The article went on to say that the variety of interfaces makes exploitation easier. For example: “Short Message Service (SMS) feature, available on just about any smartphone device, gives hackers a way to: Inject viruses, steal user data, e-mails, contacts and data files, clone devices and create DOS attacks”. New software is being developed by a variety of companies to help IT managers deal with this new arena of threat.

The additional requirement of security on the Web has created a number of regulations that companies must put into practice, such as the Sarbanes-Oxley Act, and several additional regulations exist to promote security over the web. For example, the Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 in part to protect healthcare information on the web. Section 501 of the Gramm-Leach-Bliley Act (GLBA) requires financial services firms to implement and enforce a written "information security program" to protect non-public customer data. Sarbanes-Oxley (SOX) requires that companies implement an internal control framework, which includes implementing appropriate information technology tools and processes to ensure internal control (McNamara, 2005).

IT managers must lobby companies to set aside more money and resources to implement controls in order to comply with these regulations, or their employees could face fines or imprisonment. Legislation and regulations governing HIPAA and SOX include criminal penalties: up to 10 years in prison with HIPAA for "obtaining or disclosing protected health information", and 10 to 20 years with SOX for "destruction, alteration or falsification of records" (McNamara, 2005). The IT manager would certainly be in line for discipline if these regulations were not complied with, so IT managers have the right and responsibility to be informed.
