Today, security breaches are motivated less by fame and notoriety and more by a desire to profit from criminal activity, and new attack vectors, combined with an increased sophistication of malicious individuals, create an omnipresent threat. At the same time, heightened regulatory scrutiny and increased financial liability raises the costs for failing to protect the computing infrastructure.

With security now a pressing concern for every organization, it is not surprising that everyone from system administrators to Board members now assume an active role in protecting the organization. But even with the increased level of awareness at all levels, it is CIOs who are often in the “hot seat.” For CIOs, fully understanding best practices and being aware of new security options under development are pivotal factors in delivering system-wide protection.

To be sure, absolute security is an elusive myth. In much the same manner as governments try to provide a level of security for entire nations, comprehensive IT security demands a layered approach. Security experts refer to this methodology as “rings of protections.”

To help CIOs devise a deliberate and comprehensive security plan, the following roadmap divides assets and products into three logical and concentric rings that together provide organizations with protection against current and future threats.

Phase 1: Guarding the Transportation Networks
Initial security efforts focused principally upon perimeter protection. These technologies mirror their analogs in the physical world and serve to protect our electronic equivalents to airports, docks and rail systems. Firewalls restrict access to resources just as countries limit access at their borders. Virtual private networks grant entry to authorized users, and intrusion detection systems monitor traffic to warn of potentially illegal activity.

While network protection is central to any well-designed security strategy, this outermost ring guarantees only minimal levels of protection. First-generation companies in network security witnessed industry consolidation, and Cisco and Juniper dominate today’s market.

Recent startups in network security focus higher in the application stack. Deep packet inspection firewalls, often referred to as intrusion prevention systems, examine individual data flows to detect malicious activity. Other innovative startups are also working on XML firewalls, voice-over-IP border gateways, in-line appliances to protect against denial of service and wireless security.

Protecting network “transportation systems” is the first step in a cohesive security plan.

Phase 2: Securing Critical Infrastructure
Demand for greater access by end users and business partners alike has resulted in increasingly porous networks inadequately protected against new threats. Moreover, today’s most insidious attacks circumvent traditional network security products. As a consequence, individual assets within the organization must be secured as well. This is again analogous to the safeguards put in place by agencies within the Department of Homeland Security to protect resources such as our nation’s telecommunications, energy, banking and finance systems.