Prevention is fundamental and is generally well understood by many. The principle: do everything you need to protect themselves. It is most often to adopt the following approach:
- Risk Analysis
- Defining a security policy
- Implementation of a solution focused on one or more firewalls.
- Audit of the solution
- Updates
The market today cover very well this approach: the consulting firms are very active in the risk analysis. Integrators propose and implement solutions with a vengeance. Companies specialize in security audits, others make the technological safe and can trigger updates (usually performed by the integrator).
Detection
The principle is to be able to detect when preventive measures are taken in default. Detection, although some technical tools available, is too rarely integrated infrastructure. It is true that integrators often provide these tools in the development of internet infrastructure, but their deployment is marginal in addition to these specific projects. In addition, at present a severe lack of jurisdiction is to be deplored.There are still too few people trained in this type of tool. Detection requires continuous monitoring of the status of system and mechanisms to protect the dissemination of alerts.
Reaction
While it is important to know that an attack is in progress or that an attack was successful it is even more important to provide the means to react to this fact. This is the most neglected even in the current major players in IT security. Yet it is not possible to forget the creed of all consultants in risk analysis: "zero risk does not exist" or "there is no absolute security." Should always anticipate and prepare for the worst. This involves the implementation of operating procedures specific to the reaction in case of attack, writing and testing a continuity plan to use in case of serious disaster. It is also important to have tools to share any information collected may be necessary in the event of legal action. A framework should also be provided at the level of responsibility and because of this insurance contracts should take into account the risk posed by pirates. The market covers this issue very badly right now. There are very few companies offering a real investigation of incidents. Moreover, even if some law firms specializing in Internet law, the coverage of IT risk and the definition of "evidence" in cases of computer crimes are still unclear.
Conclusion
The consideration of security issues is currently underway in France in the vast majority of businesses but for now the means used are not always sufficient. To support companies in their process of securing the market, high growth was first organized in the area of prevention. However, many questions remain unanswered when it comes to detection and response. These two areas that affect the daily operations (or operation) security infrastructure are still full of promise but also of concern to the various players in IT security.
