The New Threat to Internet Information Security:
The threat to information security for government, corporations and even individuals has changed dramatically in the last 24 months.
With motives shifting across politics and profit, internet-based hackers are going after corporations and the public sector with new vigour.
This has important implications for information security managers, but more broadly it requires a totally new approach from both business and government leaders.

In the past a slower Internet speed has provided a level of protection as the web server was usually fast enough to handle the incoming data.
However, with the advent of much faster world-wide internet connections, DoS (denial-of-service) attacks have become much easier to achieve.
Hence it has become much easier to totally swamp multiple web servers anywhere and at any time.
When a computer becomes overwhelmed it is unable to operate normally unless the programmer has specifically allowed for this, which is rare.
- Fundamentally, unless the computer can handshake with the sender to make the data stop, the result is I/O buffer failures and unstable, unreliable and untested operation, and hence DoS-based hacking has become considerably easier.
- The desktop culture has always been that most computers rely heavily on the fact that they are able to run faster than the data-driven applications require.
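
The point about a program that "specifically allows for" overload can be made concrete. The following is an added example, not code from this page or its author: a fixed-size request buffer that tells senders to stop at a high-water mark and resumes at a low-water mark, so a flood is refused instead of overflowing the buffer. The names BoundedIntake and simulate and all the numbers are assumptions made for the illustration.

```python
from collections import deque

class BoundedIntake:
    """Fixed-size request buffer that tells senders to stop instead of overflowing."""

    def __init__(self, capacity, high_water, low_water):
        if not 0 <= low_water < high_water <= capacity:
            raise ValueError("need 0 <= low_water < high_water <= capacity")
        self.capacity, self.high_water, self.low_water = capacity, high_water, low_water
        self.queue = deque()
        self.paused = False   # True while senders are being told to stop
        self.rejected = 0     # requests refused rather than buffered

    def offer(self, request):
        """Accept one request, or refuse it while paused or full."""
        if self.paused or len(self.queue) >= self.capacity:
            self.rejected += 1
            return False
        self.queue.append(request)
        if len(self.queue) >= self.high_water:
            self.paused = True          # the "stop sending" handshake
        return True

    def drain(self, n):
        """Process up to n queued requests; resume intake at the low-water mark."""
        done = min(n, len(self.queue))
        for _ in range(done):
            self.queue.popleft()
        if self.paused and len(self.queue) <= self.low_water:
            self.paused = False
        return done


def simulate(intake, arrivals_per_tick, service_per_tick, ticks):
    """Constructed load: fixed arrival rate against a fixed service rate."""
    peak = served = 0
    for tick in range(ticks):
        for i in range(arrivals_per_tick):
            intake.offer((tick, i))
        peak = max(peak, len(intake.queue))
        served += intake.drain(service_per_tick)
    return {"peak": peak, "served": served, "rejected": intake.rejected}


if __name__ == "__main__":
    # Flood: 50 requests arrive per tick, the server can only process 10.
    print(simulate(BoundedIntake(100, 80, 20), 50, 10, 20))
```

Under the constructed flood the buffer never grows past its high-water mark and the server keeps processing at its full rate; the excess is counted as rejected rather than left to corrupt state.
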
An External Web server is a Dangerous Place to store your Highly Confidential Mission Critical Strategic Data.
There are some website providers who are offering to host & store your strategic data on their Web Server using their software.
If you pay a recurring cost, you can access your data using web browsers such as Internet Explorer, Firefox or Google Chrome.

This is absurd as in most cases the following applies:
1. You have little or no security guarantee.
2. You are not able to establish website staff access or usage rules for your data.
3. You do not know who has written the software, nor any of the staff that work with the website, nor what their qualifications and backgrounds are.
4. You will not be advised should the website with your data be hosted at a different site or moved to any overseas country.
5. You do not know if the website is hacker proof, and you will never be advised if the security is changed or breached.
6. You do not know what monitoring equipment is listening to and recording your website data traffic.
7. Unless the website is using the https:// secure protocol, your data is transmitted on the wire using clear text.
8. You will never know if any website staff have sold your confidential strategic data to your competitors or to a statistics bureau.

Even if the above items are not an issue for you, Web Server Security Breaches from Internet Hackers can and will occur.
  - You do not want this happening with your private Strategy Maps and Balanced Scorecards.
  - You do not want outsiders to ever read this data.
    1. They can steal your precious Mission-Critical Strategic Data.
    2. They can change the data thereby effectively changing the performance and direction of your organization.

In general terms, using a Web Server and Internet Browser for all your data means:
 - with complex software, your user interface is much inferior and hence harder to use.
 - your time-spent-at-the-keyboard is always dictated by the quality of the User Interface, plus the Internet and Remote Server round-trip-refresh-delay-time.
   - A much better solution is to use a secure corporate thin client facility.

Your Local Computer is protected from the Internet:
Our software is Windows mode software.
This means that it exists only on Your Local Computer, similar to MS-Office (Word, Excel, Outlook...).
If you have a company with a Terminal Server or PC Network then it can exist there as well.

Your local computer is not open to hacker attacks via the internet.
It is protected by:
1. Your Router: Hides your PC from the Internet,
2. Your Firewall: Prevents unauthorised access and
3. Your Windows Vista/7 UAC.
The User Account Control (UAC) system ensures that everything on your computer which needs administrator privileges requires your approval.


Strategic Plan Security Needs:
The very nature of the Strategy Map and Balanced Scorecard system is to expose your intangible assets to strategic scrutiny via a visibility and feedback framework.
This means it is a system that peels back all the layers leaving the heart exposed for anyone to read.

Only the highest level of security is good enough.
If you need a wide area solution, then you should use a system such as Windows Terminal Server or Citrix Terminal Server.
These systems are both safe and fast, offering state-of-the-art security, reliability and execution speeds.
(Windows 2000 WTS is adequate and inexpensive).

The other type of software exists on a Remote Web Server and is displayed using web browsers such as Internet Explorer or Firefox.
- Your data is located on some other company's computer(s).

Your critical Strategy Map and Balanced Scorecard data should never be located on remote external web servers.

Your local computer is protected from hacker attacks by your Router, Firewall and Windows UAC.

External Website Security Concerns:
Several Sony Websites were severely hacked in April/May 2011, with thousands of credit card and identity details stolen.
Internet Website Crime has become a fact of life and the serious nature of this attack caught everyone by surprise.

With the second hack into Sony, the personal information from 24 million SOE accounts was stolen, along with full details of 12,700 credit card and debit cards.
The effect of this on the Credit Card industry and the many people who use Credit Cards has been profound, whilst the effect on the Illegal Credit Card industry has been to drive down the price of stolen credit cards from $10 down to only $2.


This year security warnings have been published by security agencies such as Bürger-CERT in Germany.
These vulnerabilities will be fixed with the release of new versions, however new security issues are continually being exposed.

Dire warnings have been given to all public web sites that they should expect internet hacking or denial of service attacks at least every 2 years.
In 2010, our state electric train network was hacked, forcing trains to stop and others to go slow. Fortunately there were no accidents.



Web servers are open to the Internet:
Public Web servers must sit exposed on the Internet, without Router Address Translation and without Firewall Protection.

They are not protected from hacker attacks and these can be launched from anywhere in the world.
Only the server's own access rules prevent illegal access. These rules can be broken and in many cases the server security updates are allowed to lapse.

Every time a web server vulnerability is reported, the system manufacturers have to rush to release an update.
With many web servers the update process lapses, which is why approximately 1 in every 1000 web servers has been hacked and is infected.
Often the owners are totally unaware that their website is being exploited by hackers.
1 in every 1000 public websites has been hacked and poisoned.