How to Keep Security Projects from Getting Submarined: The Three Undocumented Layers of the OSI Model, Their Impact on Security, and What You Can Do About It

摘要

It's not individual hackers, cyber gangs, inadequate firewalls, missing patches, or even negligent employees. It's not found in the application layer of the OSI Basic Model. Instead, three factors present the greatest threat to data security due to their enormous influence on security decisions and the integrity of security programs: Politics, the Religion of Technology, and Economics. These factors often result in sub-optimal IT decisions that leave a program vulnerable to malicious intrusion or attack. Real-life examples are described as experienced during our IT security audits, and practical guidance is provided for navigating these pitfalls in order to become more effective security professionals. Since founding SECNAP Network Security Corporation in 2001, Chief Technology Officer Michael Scheidell has aggressively pursued the development of innovative security solutions with impressive results, including patent-pending intrusion detection and prevention technology and a revolutionary email security product. During the course of his career he has discovered and resolved vulnerabilities represented on the Common Vulnerability and Exposures (CVE) list, and has been a member of the FBI InfraGard program since 1996, working with other IT experts to assist the FBI's investigative efforts in the cyber arena. Michael Scheidell and his talented technical team know how difficult it can be to affect positive change within an organization. When it comes to navigating the executive suite and the hidden influencers beyond the OSI model-the staff at SECNAP? Network Security have the experience and expertise to assist CIOs, CISOs and IT management in developing effective strategies to successfully drive security improvements.