Week 4 reading summary and in the news article

Reading Summary:

The enterprise often contains firewalls and an intrusion detection system (IDS) to keep the organization secure. However, that is not enough to detect vulnerabilities or web attacks on an external web server or BIND exploits on a DNS server. There are different approaches when it comes supplementing the security model. Proactive vulnerability is done various ways, depending on the organization, such as proactive vulnerability assessments with Nessus, a low cost automated vulnerability scanner. If the enterprise chooses Nessus, first it will need to configure it properly and then scan the network. After  the scan is complete, interpretation and analysis of the reports is crucial, such as identifying what is a false positive.

Article:

Law firms are willing to spend more than $6.9 million on information security or 1.92% of their gross annual revenues.  This industry contains very sensitive client data and they will take whatever it takes to keep that client data secure. How will they achieve that goal? Law firms are strengthening in-house security skills, identifying gaps through internal and external security assessments, transferring risk with new insurance policies by investing in cyber-liability insurance, and providing training to attorneys and staff on electronic communications risks and phishing e-mails.

For more information regarding this article, please click here.

Question for the class:
Law firms are a growing industry and in the need of more cyber security analysts. Do you see yourself being part of such industry, and if so, how would you contribute on client’s data security?