Information Technology Reference
In-Depth Information
exploit Apache Web servers and other programs. When an attack is detected, the service
automatically blocks it without requiring human intervention. Taking the manual interven-
tion step out of the process enables a faster response and minimizes damage from a criminal
hacker. To encourage customers to adopt its service, ISS guaranteed up to $50,000 in cash
if the prevention service failed.
Security Dashboard
Many organizations employ
security dashboard
software to provide a comprehensive
display on a single computer screen of all the vital data related to an organization's security
defenses including threats, exposures, policy compliance, and incident alerts. The goal is to
reduce the effort required for monitoring and to identify threats earlier. Data comes from a
variety of sources including firewalls, applications, servers, and other software and hardware
devices.
security dashboard
Software that provides a
comprehensive display on a single
computer screen of all the vital data
related to an organization's security
defenses including threats,
exposures, policy compliance and
incident alerts.
Figure 14.2
The Computer Network Defence
Internet Operational Picture
The Computer Network Defence
Internet Operational Picture, a
security dashboard designed for the
United Kingdom government and
military networks, displays near
real-time information on new and
emerging cyber threats.
Associated Newspapers publishes six of the United Kingdom's largest newspapers that
deliver timely information to some 6 million daily subscribers. Its journalists work in many
countries and time zones. The organization implemented a security dashboard to cut the
potential of interruption to its news cycle and raise the security protection of its news stories.
As Mark Callaby, IT Security Officer, states: “We have a diverse IT infrastructure, which
makes it difficult to track the current status of system patches and identify potential vulner-
abilities. We needed to improve our ability to detect spyware, as well as establish a centralized
view of our infrastructure and its security status.”
62
Using Managed Security Service Providers (MSSPs)
Keeping up with computer criminals—and with new regulations—can be daunting for or-
ganizations. Criminal hackers are constantly poking and prodding, trying to breach the
security defenses of companies. Also, such recent legislation as HIPAA, Sarbanes-Oxley, and
the USA Patriot Act requires businesses to prove that they are securing their data. For most
small and mid-sized organizations, the level of in-house network security expertise needed
to protect their business operations can be quite costly to acquire and maintain. As a result,
