As a security professional, the essential disciplines associated with operating in cyberspace, such as using the right security tools, installing the latest updates and encrypting data, come pretty naturally to me.However, of late it has become obvious that it is not just the technical practices and the whizz-bang technologies that make us secure. It is more about a state of mind, and continued application of best – or at least good – security practices as we use our chosen technology.Most mobile professionals need at some time to access a PC in a public place – a PC which has been, and will continue to be, used by large numbers of unknown people. Recently, when I was using such a computer, after my session I carried out all the usual best practice tasks, and cleared down the browser history, cookies, and other digital footprints. However, when I looked at the previous history of use, it was possible to see the type of person, and in some cases the company, that had used this resource.In this case, the previous users had clearly been working on business-related topics, and had downloaded files to the local disk. Under Windows, where such data will be written to by default, sure enough in the My Pictures and My Documents folders, information was located that would be considered pretty sensitive by many.Without exception, the users of the system in question were all considered to be computer literate, and as such, would have been expected to be aware of the threats, and the necessary steps and countermeasures to protect their identities.Security tools, applications, and other related technological methodologies employed to defend user systems go a long way to mitigating against cyber attacks. But only when they are combined with user best security practices will they fulfil their potential to secure the system. It is good to be careful, but possibly, much better to be paranoid.John Walker is a member of the E-victims Advisory Council and the ISACA Security Advisory Group
itweek.co.uk @ 2010 Incisive Media
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.