|
 | Protecting Customs computer systems
Avoid becoming the "weakest link"
By Edward Sheehan, Security Analyst, Information Systems Security Branch, Infrastructure Services Division, Office of Information and Technology |
Every day personal, commercial, and government information is stolen, damaged, or destroyed either inadvertently or intentionally. Billions of dollars are spent annually to develop new technology to protect information, but even these efforts have not always been completely successful. The Code Red computer worm, which attacked computers worldwide beginning in August, has already caused over $2.4 billion in damages. The Code Red worm gives high-tech outlaws and cyber-terrorists the ability to take control of unprotected machines and damage or destroy sensitive information. Over the past three years, the damage resulting from attacks on computer systems has exceeded $40 billion. This year alone computer virus infections are up 48 percent over last year. As these attacks continue to escalate, the need for us to increase our security awareness becomes critical. Threats are real
The information processed and stored by Customs information systems is essential not only to Customs and other government agencies, but also to the very fabric of American commerce. The threat to Customs information is real and becoming more sophisticated every day. Threats to information systems security come in all shapes and sizes. Some of these threats are readily apparent; others are well disguised and, unfortunately, very effective. We must all be aware of the more common threats such as hacking, viruses and worms, and human agents. Information on each of these threats can be found on the Enterprise Security Web page on the Customs Intranet (also known as Customsnet) at http://customsnet/iss/index.htm.Information systems security is constantly being upgraded, tested, and modified to ensure that we stay on the cutting edge of security technology. However, all of these security measures will prove useless if the most important link in our protective armor, the individual user, does not fulfill his/her role as a part of the security chain. Avoid becoming the "weakest link"
Success of information systems security within Customs is a team effort. Each one of us has a responsibility to ensure that Customs continues to accomplish its mission efficiently and effectively. By following the three simple guidelines listed below we can avoid becoming the "weakest link" in Customs security.- Be security conscious
Take the time to become aware of Customs policies and your security responsibilities; put into practice the standards and procedures of the Customs information systems security program. - Protect your password
Don't write it, share it, tell it, or e-mail it, but change it at least once every 90 days. - Be wary of e-mail attachments
Don't open e-mail attachments from an unknown non-Customs address, especially attachments with ".exe" extension.
Knowledge is power
The success of Customs mission depends upon our ability to ensure a uniformly secure environment. Knowledge is the tool used to strengthen our collective ability to establish and maintain effective security; understanding the policies and procedures published by Customs is key to having this knowledge. Copies of the U.S. Customs Information Systems Security Policy and Procedures Handbook, CIS HB 1400-05A, and the Information Systems Security User Guide may be obtained in either Microsoft Word or PDF format on the Customs Intranet. If Customsnet is not available, send an e-mail request to securitypolicy@customs.treas.gov. |
|
| |
|
