It's not enough to ask about network security; organisations need to know how to proactively detect intrusions and stop them.
It's not that organisations have poor technology; the problem is that technology is poorly configured, Armstrong said.
He added that organisations must simplify security measures, noting that having a single firewall that can identify all security risks was a potential solution.
Organisations must also have a designated security person or security department, he noted. This will help alleviate some of the confusion associated with the responsibility of security, he added.
Another problem that organisations face is a lack of employee education regarding security risks when using the Internet, Armstrong noted that very few staff had attended formal training about security - and this included administrators.
To address network security effectively, Armstrong recommended that organisations use the 20 consensus audit guidelines (CAG), which help provide a holistic network security model.
Share