Internet Security--A Plan of Attack
In the worst-case scenario, a company begins to address these issues only after an attack has occurred.
In that situation, Danahy says, CEOs need to run damage control by asking their IT managers even harder questions:
When did this happen? Exactly what happened?
"If the administrator cannot pinpoint exactly when and how the attack occurred, more monitoring and checking are necessary," Danahy asserts.
How quickly can you clean up?
"Good planning and replication should make cleanup a fairly speedy process," Danahy opines. "If the restoration takes days, then better release engineering, planning and backups are needed."
But everyone agrees that it is far better to prevent an attack in the first place.
"The biggest pitfall," Slotnick warns, "is to think of security as different from, and not tightly integrated with, the entire site. Security systems must be tied to the site at the most fundamental, elemental levels, usually beginning with the database schema design. Security cannot be thought of as separate from overall site reliability, performance and scalability. Security cannot be bolted on. Adding it later is almost guaranteed to require a site redesign."