VideoKeeping those priorities in mind, they oversee the implementation of 20 recommended virus controls at the desktop level, plus appropriate controls for E-mail applications, network file and print servers, E-mail gateways, and firewalls.
TruSecure claims that setting in place controls at the desktop level takes from one to several days to configure, test, and propagate, depending on a company's size and the complexity of its systems. But the full monty, so to speak, which involves changes in adjustments in procedure and changes in employee behavior, can take more than six months.
Real-World Rollout
At Bank Central Asia's (BCA) Jakarta, Indonesia headquarters, TruSecure's entire risk management program is under implementation in the bank's 795 branches. The deployment follows an initial rollout over seven months, which focused on the bank's Internet banking business. Darius Wanardi, general manager for IT, says that it wasn't easy to implement the program from scratch.
To meet the practices that TruSecure required before bestowing certification took a long time. TruSecure is a stringent guardian of its certification, which carries with it a money-back guarantee if its methods fail to prevent a hacker break-in. "We had to create new security procedures and policies because we were a new player in the Internet and had no expertise in that area," says Wanardi.
But the upside is that BCA has experienced no Internet security breaches since it signed on with TruSecure in December 2000. Wanardi also says that intercompany awareness of security has become much better, as has knowledge of security issues that affect the bank. "We now have a set of standard procedures and information security policies in place," says Wanardi. "We have to maintain them to keep our TruSecure certification valid."
He adds, "And, of course, our management now sleeps well at night."
Sidebar: Bottomless Pit
CFOs might well regard the enormous and growing cost of network security as an indictment that current methods don't work.
Organizations worldwide spent $8 billion on information security services last year, an increase of more than 19 percent over 2000. Technology consultants at IDC expect this expenditure to reach $24 billion by 2006.
Antivirus products represent a chunk of the expenditure. In the United States last year, 70 percent of desktop computers, 91 percent of servers, 45 percent of proxy devices and firewalls, and 80 percent of email gateways appeared to be protected by full-time antivirus products. Analysts at IT consultants Butler Group in London say that the situation is being made worse by operations issues. They estimate that supporting and managing a company's security setup can account for as much as 80 percent of the company's total investment. The remaining 20 percent is the cost of the software.
What impact did all this investment have on viruses? Almost zero, according to the ICSA Labs Virus Prevalence Survey 2001 published by TruSecure. The survey says that the likelihood of a worm or virus breaching a company firewall has grown at a 15 percent annual clip since 1999.
Reader Comments» Post a comment