Five tips for CIOs looking to prevent Wikileaks-style disclosures
Following a week of escalating events surrounding Wikileaks, Network Access Control vendor ForeScout gives CIOs some advice
Since it launched in December 2006, whistle-blowing web site Wikileaks has been revealing politically sensitive information to the world, leading to an international government backlash with several commercial supporters withdrawing support for the site.
The story has seen IT decision makers reflect on both the potential ramifications of the release of private company information and what they can do to prevent such an occurrence.
Here are five tips from Gord Boyce, CEO of Network Access Control vendor ForeScout:
1. Get an information security policy
This is basic stuff, and something every organisation should do. An information security policy maximises a CIO's ability to limit the distribution of sensitive information beyond those who should have access to it.
2. Segment your information resources
To ensure that important information is given a higher level of priority, make sure you have defined enclaves of resources by level of sensitivity.
3. Enforce policy at the application layer
Make sure that you audit your information systems, such as your email and servers, to ensure that logins, distribution lists and public folders comply with your information security policy.
4. Enforce policy at the network layer
Sophisticated, role-based network access control can be used to provide an additional layer of security on top of the more basic application security that you have in place. Network control can enforce security both between enclaves and within them.
5. Enforce policy at the desktop
Where you can, even though it may be difficult at times, prevent the use of removable media, such as USB drives and CDs. A US Army private is alleged to have recently been the source of some data leaks by using a simple USB memory stick to remove the sensitive data from the US Army network. Limiting the use of removable media can help prevent this.