Expert outlines tips for boosting critical infrastructure security
The threat of cyberattacks against national critical infrastructure has been a common topic in recent months as politicians attempt to balance the issues of data privacy and effective security. Government agencies throughout North America and Europe have made several attempts at protecting national assets without exerting too much control over the private sector. As Calum MacLeod of encryption key management provider Venafi recently noted for Continuity Central, this has come in the form of prescriptive guidance.
The U.S. Department of Homeland Security and the European Network and Information Security Agency, for instance, have both issued reports outlining best practices. However, MacLeod suggested there are a few critical items missing from these guidelines. He cited the use of outdated SSL certificates and weak encryption keys as examples of how organizations may fall short of fully protecting themselves. He suggested that digital certificate management solutions may be the answer to these difficulties, but his points relate to the larger issue of data governance.
In addition to implementing best practice solutions such as SSL certificates, companies must take stock of their existing safeguards to ensure they are both configured properly and afford the appropriate level of protection given the data involved. For instance, payment card data should be prioritized for stronger encryption over less sensitive information.
A robust data classification scheme may yield benefits in other areas, according to Certified Information Systems Auditor Rafael Etges. In an analysis written in collaboration with Karen McNeil for Journal Online, Etges noted that proper categorization can provide a solid foundation from which future policies and best practices can evolve. This will ultimately facilitate access control and authentication procedures.