Citadel Information Group

  • Home
  • About Us
    • About Citadel
    • Who We Are
    • When To Call Citadel
  • Services
    • Overview: Delivering Information Peace of Mind ® to Business and the Nonprofit Community
    • Citadel’s Information Peace of Mind ® Program
    • Assessments and Reviews
    • Information Security Policies and Standards
    • Secure The Human
    • Phishing Defense Training
    • CCPA and Defendable Security Procedures and Practices
    • Privacy: Information Inventory / Data Mapping
    • Security Management of the IT Network / Infrastructure
    • Incident Response / Business Continuity
    • Secure Application Development — Learn By Doing
    • Litigation Support
    • Keynotes
    • Client Success Stories
  • Blog
  • Resources
    • Information Security Library
      • Citadel Guides
      • Awareness Posters
      • For Boards and the C Suite
      • Cybersecurity Law
      • Cybersecurity Surveys
      • HIPAA HITECH
      • Insurance and Risk Management
      • National Cybersecurity
      • Online Bank Security
      • Payment Card Industry Data Security Standard
      • Personal Cybersecurity
      • Securing the IT Network
      • Helpful Links
    • Blogs
      • Cybersecurity Blogs
      • Leadership and Culture Change Blogs
  • Contact
You are here: Home / Weekend Patch Report / FBI: We Need to Improve Ability to Gather, Share, Analyze and Use Cyber Information

February 4, 2012 by Stan Stahl Ph.D.

FBI: We Need to Improve Ability to Gather, Share, Analyze and Use Cyber Information

FBI Director Robert Mueller told the U.S. House Permanent Select Committee on Intelligence this week that he believes “the cyber threat will equal or surpass the threat from counter terrorism in the foreseeable future.” Elaborating on the breadth of the threat, he said “there is very little we do in this day and age that is not on or somehow associated with the internet. The theft of intellectual property, the theft of research and development, the theft of the plans and programs of a corporation for the future, of all which are vulnerable to being exploited by attackers.”

It is not just our sensitive information that is threatened. The Internet itself is threatened … and extremely vulnerable. In the last several weeks, we’ve seen successful Distributed Denial of Service (DDoS) attacks against banks, governments, law enforcement and the entertainment industry. We’ve seen Israeli and Palestinian cyber-vigilantes launch DDos attacks against each others web sites. What happens when  radical organizations discover they can launch a DDoS attack against their enemies? We should not be surprised to see the Internet become a battleground in America’s culture wars.

In his testimony, Mueller recommended that we need to become better at gathering, sharing, analyzing and using cyber information, offering several specific suggestions to the Committee for needed changes at the Bureau, throughout government and in new legislation.

His recommendation apply as well to individual organizations, as our work with clients continue to demonstrate. Every organization with sensitive information needs to continually ask itself: Are we gathering the information we need to understand our cyber threat and the quality of our cyber defenses? Are we effectively analyzing this information, using it to better secure our information? Are we sharing it with the necessary parties? In particular, is management getting the information they need to proactively manage information risk?

One highly critical defensive measure, for example, is to rigorously keep software patched. One of the easiest ways for a cyber criminal to take control of a computer is to exploit a vulnerability in unpatched software. That’s why we publish our Weekend Patch and Vulnerability Report, alerting readers to major patches.

Patching needs to be on the Weekly Must-Do list of every IT Department and IT vendor. Yet, when we assess the patch levels of organizations, we are not surprised to often see more than 100 unpatched vulnerabilities on desktops. Does IT gather vulnerability information? Do they analyze it, taking appropriate action to keep vulnerabilities to a minimum? Is it shared with Senior Management? Does Senior Management know that IT must patch vulnerabilities to comply with laws like HIPAA HITECH or contractual obligations like the Payment Card Industry’s Data Security Standard? Does Senior Management regularly monitor “weekly vulnerability trends?”

Mueller’s recommendation that we become better at gathering, sharing, analyzing and using cyber information apply to our communities as well. That’s what led our Los Angeles ISSA Chapter to launch our Community Outreach Program 5 years ago. It’s our mission to be the premier catalyst and information source in Los Angeles for improving the practice of information security. It’s the genesis of our tag: It Takes the Village to Secure the Village. SM   It’s the orientation of our newly designed website. And it’s the focus of our forthcoming Fourth Information Security Summit, being held May 16, 2012 at the Universal Hilton Hotel.

Human nature being what it is, cyber crime and hacktivism will likely get worse before things get better. While we can hope to avoid cybergeddon, we also have to remember that hope is not a strategy.

 

Filed Under: Weekend Patch Report

Call us for a free confidential consultation:
323-428-0441

Get our newsletter

A weekly report of critical security updates and the latest cybersecurity news delivered to your inbox from Secure The Village.

Sign Up

Categories

Get in touch

323 428 0441
info@citadel-information.com

Citadel Information Group
Citadel on Linkedin
SecureTheVillage on Linkedin

About Us

Citadel Information Group is a full service integrated information security management / governance firm. We work either consultatively or as part of a client’s senior management team, assisting our clients cost-effectively manage the confidentiality, privacy, integrity and availability of their information. Learn more.

Key Resources

  • The Citadel Way to Information Security Management
  • Creating a Cybersecurity Aware Culture
  • Secure Application Development: The CISO’s Role – a webinar with WhiteHat Security
  • Information Security Library

Copyright © 2018 by Citadel Information Group  All Rights Reserved | Privacy Policy