Week 5 Security Discussion Comments
- There is no way to totally (100%) prevent a computer security breach. There is also no way to guarantee that a bank branch cannot be robbed no matter how much you spend on security. Well-planned security investments and procedures can greatly reduce the probability of a security breach but cannot eliminate the possibility entirely.
- In both the Disaster Recovery Discussion and this Security Discussion, taking backups was frequently mentioned. Most backup software provides an option to encrypt the backup files. It is important to take advantage of this option. If you do not encrypt your backups, the only thing preventing a storage provider from accessing the data is their policies and procedures. There is usually no technical barrier.
- There is frequently a trade-off between security and convenience. I would prefer to access ACATSNEW remotely as I do now without driving from Evanston to River Forest each time I need to access that server on the Dominican Network. Dominican spent over a year establishing a secure way to access that server without allowing access to other parts of the network (such as the computer in my office).
- Even a minor security incident can be painful to customers. My Discover Card number has been compromised several times. Each time it is necessary to go to many online sites and change the credit card number stored on the site (Illinois Tollway, CTA Ventra, ...). Last time this happened, I opened a separate credit card account to use only on selected sites where automatic renewal is critical, such as the hosting company where dombsb.com and millerjw.com are hosted.
- Here is a link to a short article published on 08/09/2016 about companies that prioritize innovation over security.
- For Groups 1 and 3, attached here is a Word document that contains a post from Group 2 that shows how a large regulated drug company must approach security. There are good external references at the end of the post.
- Based on some postings, I would like to comment that how well IT repairs computers or how quickly they respond to your requests does not have a direct relationship to how well your company protects assets at risk.