Protecting against 'Hacktivists'

By Morse, Neil J. | Mortgage Banking, November 2006 | Go to article overview

Protecting against 'Hacktivists'


Morse, Neil J., Mortgage Banking


Citing a growing threat to corporate security from a wide range of attackers, Ian Lim, director of enterprise security for New Century Mortgage, Irvine, California, spelled out the type and severity of these intrusions at a late-September conference in New York, sponsored by the American Conference Institute (ACI). The event, titled: "Preventing and Responding to Security Breaches," was attended by top-level information security professionals from major national corporations.

"Breaches may come from organized crime, terrorists, hackers and 'hacktivists,'" warned Lim, noting that the last group is comprised of "those out to prove a point and those who are anti-establishment. The main objective is publicity."

Lim, who chairs New Century's Information Security Steering Committee and authored a recently published book, Information Security Cost Management, said that "insider threats" are different today. "We're talking about your extended enterprise--your business partners, your contractors, all the offshore and outsource partners you have."

During the ACI meeting, speaker Stuart Levi, a partner at Skadden, Arps, Slate, Meagher & Flom LLP, New York, recommended that companies draw up--and more important, distribute and practice--an "incident response plan" to deal with security breaches. "This is critical because of the extensive information threat today and the speed with which that information gets around," advised Levi.

But writing a company incident response plan can be daunting, according to Lynn Goldstein, Chicago-based chief privacy officer with JP Morgan Chase & Co., New York. Speaking at the ACI event, Goldstein said, "After looking at what the general [federal] guidance is, it's not quite so easy to write one and put it into actual action."

Once written, though, she says it is imperative to "tell people what the purpose of the policy is." Post-incident activity "is probably one of the most important things you can do," says Goldstein. "Ask: 'What are the lessons learned? Is there any disciplinary action that should be taken?' Communicate your program; if nobody knows about it, it's not a good plan," she declared. And management support is critical," added Goldstein. "Without that, [the plan] is just a piece of paper."

Oliver Ireland, a partner at Morrison & Foerster LLP, Washington, D.C., and a presenter at the ACI conference, said, "People comply best with rules they understand--those that solve problems they are supposed to solve and contain actions they can [actually take]."

But it is insider hacking that can be most insidious, said New Century's Lim, who estimates it can emanate from "the 10 percent of those who can bypass 90 percent of a company's protection." Said Lim, "You can't secure everything, so focus on high-risk areas--identify, verify, analyze, prioritize and remediate." He added: "Conduct an annual risk assessment in the third quarter of the year. Prioritize risk with your executive management and build remediation plans into departmental budgets."

Lim offered several Web sites to help companies keep up with the "current threat landscape." These sites include Symantec Corporation (www.symantec.com/enterprise/threatreport/index.jsp), the Computer Crime Research Center (www.crimeresearch.org/latestnews), the Privacy Rights Clearinghouse (www.privacyrights.org/ar/chrondatabreaches.htm) and millersmiles.co.uk anti-phishing service (www.millersmiles.co.uk/archives/current).

Also at the ACI security conference, experts discussed what is at the heart of a proper reaction to security breaches--namely, sorting out what has happened and determining what must be done from a legal standpoint, as well as a "damage control" perspective. …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited article

Protecting against 'Hacktivists'
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Author Advanced search

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.