A period of time of September 11th, 2001 started out like any other for workers of the legislation firm Turner & Owen, located on the twenty-first floor of One Freedom Plaza directly across the street from the North World Trade Center Structure. Then everyone heard a huge explosion and their building shook like in an earthquake. Debris rained from the sky. information security
Not so sure what was happening, they immediately left the building in an orderly fashion–thanks to systematic practice of evacuation drills–taking whatever documents they could on how away. File cabinets and computer systems all had to be forgotten. In the disaster that ensued, A single Liberty Plaza was destroyed and leaning with the top ten floors twisted–the offices of Turner & Owen were decimated.
Though Turner & Owen THIS staff made regular back up tapes of their computer systems, those tapes got been sent to a division of the company positioned in the South Community Trade Center Tower plus they were completely lost when the South Tower was demolished. Knowing they had to recuperate their case databases or likely go out of business, Frank Turner and Ed Owen risked their lives and crawled through the structurally-unstable One Freedom Plaza and retrieved two file servers with their most critical records. With this information, the regulation firm of Owen & Turner could resume work less than 2 weeks later.
Many other companies were never able to restore the info lost in this disaster.
What Has Altered?
One might feel that years after such a destructive loss of lives, property and information there is dramatic dissimilarities and advancements in the way businesses strive to protect their employees, assets, and data. However, changes have recently been more gradual than many had expected. “Some organizations that should have received a wakeup call looked to have ignored the message, ” says one information security professional who prefers to remain unknown.
A look at some of the trends that contain been developing over time since September 11th reveals indicators of change for the better–although the need for more details security advancement is abundantly clear.
One of the most noticeable changes in information security since September eleventh, 2001 happened at the federal government level. A great assortment of Executive Purchases, acts, strategies and new departments, divisions, and directorates has focused on guarding America’s infrastructure with a heavy emphasis on information protection.
Just one month after 9/11, President Rose bush signed Executive Order 13231 “Critical Infrastructure Protection in the info Age” which proven the President’s Critical System Protection Board (PCIPB). In July 2002, President Rose bush released the National Approach for Homeland Security that called for the creation of the Department of Homeland Security (DHS), which would lead initiatives to prevent, detect, and react to attacks of chemical, natural, radiological, and nuclear (CBRN) weapons. The Homeland Protection Act, signed into rules in November 2002, made the DHS an actuality.
In February 2003, Jeff Ridge, Secretary of Homeland Security released two strategies: “The National Strategy to Secure Cyberspace, ” which was designed to “engage and empower Americans to generate the portions of the internet that they own, operate, control, or with which they interact” and the “The National Strategy for the Physical Protection of Critical Infrastructures and Essential Assets” which “outlines the guiding principles that will underpin our efforts to secure the infrastructures and assets essential to the national security, governance, public welfare and safety, economy and public confidence”.
Additionally, under the Department of Homeland Security’s Information Analysis and Infrastructure Protection (IAIP) Directorate, the Critical Infrastructure Guarantee Office (CIAO), and the National Cyber Security Split (NCSD) were created. Among the top priorities of the NCSD was to create a consolidated Cyber Reliability Tracking, Analysis and Response Center following through on a key recommendation of the National Technique to Secure Cyberspace.
With all this activity in the federal government related to securing infrastructures including key information systems, one might think there would be an obvious impact on information security practices in the private sector. Nevertheless response to the Country wide Strategy to Secure The net specifically has been languid, with criticisms centering on its lack of rules, incentives, funding and adjustment. The sentiment among information security professionals appears to be that without strong information security laws and leadership at the federal level, procedures to protect our place’s critical information, in the private sector at least, will not significantly change for the better.