The same applies to medicine. When a patient arrives at the emergency room, pre-defined standard operating procedures are smoothly put into action without delay. The patient is admitted, wheeled into the operating room and prepared for surgery, while doctors and nurses scrub in and get to work without the individual steps needing to be explained every time.
Another principle that has been successfully used in medicine is isolation, also referred to as quarantine. Like people suffering from highly infectious and dangerous diseases, computer systems infected by viruses must be separated from the network as quickly as possible to keep loss to a minimum. Possible measures in this context include blocking of access and log-ins and separation or disconnection of networks. However, these measures will only be successful if the infection is detected in time. Like an infected wound, the damage caused by an infected system grows the longer it is allowed to fester undisturbed. In a worst-case scenario in medicine, the infected extremity would be amputated. In IT security this would be equivalent to shutting down, deleting and re-installing the production software to keep it from infecting the other IT networks. However, according to Verizon's 2013 Data Breach Investigations Report, 62 percent of the tested companies took at least two months to discover a hacker attack. This area thus offers clear potential for improvement.
Well-structured framework conditions
The last parallel between the two disciplines, medicine and IT security, is their focus on established structures such as standards and legal regulations. Again, organisations are well advised to comply with industry standards and laws. The key standard for IT security is EN ISO 27001, which provides guidance on how to establish a comprehensive security strategy. As a leading international standard for information security management systems (ISMS), it offers a systematic and well-structured approach to protecting sensitive data, ensuring their integrity and improving the availability of IT systems. It also enables structures to be established that can respond quickly to security incidents, define clear responsibilities and improve security management. After all, experience and lessons learned should always be used to initiate continual improvement. In addition, there are legal framework conditions, set forth in regulations including Germany's Federal Data Protection Act, the IT Security Act and the EU Directive on Network and Information Security. The EU also developed and adopted this directive to strengthen the security of data and information.
As in medicine, violations of legal requirements may lead to high fines. External service providers and their expertise offer support and guidance helping organisations to identify the requirements applicable and relevant to them.
Penetration test - the "health check" for your systems
Sign up for Computerworld eNewsletters.