Action Plan: Pacific Northwest National Labs Recommends Regular Check-Ups - InformationWeek
12:30 PM

Action Plan: Pacific Northwest National Labs Recommends Regular Check-Ups

Technology is good, but the nothing beats the intuition of personal experience.


Continuous vulnerability scanning of your entire network is essential. I've talked to some CIOs who believe that having an external party scan a portion of their network once a year is sufficient. That's frightening. Our system scans the entire network for "Top 10" vulnerabilities as fast as it can (about once per hour), and we conduct a credentialed scan of the network for vulnerabilities once per day. No single scanning tool will pick up all vulnerabilities, so consider using more than one and rotating between scans.

Look beyond vulnerability scanning and periodically assess your complete program. Evaluations need to cover both the programmatic and technical aspects of cyberprotection. This is where an independent assessor, either your internal auditing organization or an external consultant, is valuable.

InformationWeek Reports

Becoming overly reliant on technology breeds a false sense of security. Good detection tools are commercially available, but the actual detection of intrusions still depends heavily on the personal knowledge of the analyst. This should not be a part-time job or one given to an entry-level employee. The intuition of experience is important, as well as investments in forensic training.


The best source I know for expert, unbiased guidance on cybersecurity is the National Institute of Standards and Technology. More than 250 NIST information security documents are available at There's even an online guide to accessing the particular information you need. For example, PNNL uses NIST Special Publication 800-53 Recommended Security Controls for Federal Information Systems to assess the maturity of our cybersecurity program. The NIST publication provides a good template for assessing the robustness of any organization's cybersecurity efforts.

Return to the story:
CIOs Uncensored: Security Smarts

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll