Single point of failure can cause serious security breakdowns in any corporate network. This can be caused by the simplest of errors in system design and implementation or by corporate security policies being poorly established at a management level.
Common examples of this are where fully qualified product engineers leave unnecessary NetBios on dial-up networks, the use of public IP subnet addresses in corporate LANs and the unnecessary introduction of routing protocols. It is a common complaint from users that they have had their administrators rights removed! Many corporate managers do not believe that the threats to their data will become a reality.
Today, information security management is a CSR (Corporate Social Responsibility). Corporates are required to assess assets, analyse risks, establish security policies, implement, establish disaster recovery or business continuity plans, monitor and test, regularly audit and maintain these policies. All members of a corporate should be aware of these and be regularly trained.
BS7799 is a guideline for ISMS (information Security Management System), that recommends a PDCA circle (Plan, Do, Check, Act). At Exlayer, we believe that a number of small PDCA circles for various stages of the ISMS, produce the ultimate larger PDCA circle that establishes an overall, strong corporate ISMS.