Mergers and acquisitions are common occurrences in today's information security market. Although it may be difficult to predict what a corporate merger will do for company profits, M&A activity will almost certainly have an effect on the employees of the two organisations. During what is often a tense and unpredictable transition, companies can't just throw their different people, processes and policies together and call it a day.
On its own, a company's security staff has enough to worry about, having to manage compliance efforts, network security policies, Web application infrastructures, malware and any other outside threats that an organisation may be subject to. After a merger or acquisition, though, the burden is doubled. Staffs from both organisations need to come together to discuss M&A strategy, decide on security standards and do some corporate restructuring.
In this Learning Guide, a panel of experts breaks down the M&A security priorities and explains the best ways to manage disparate security staffs, technologies and policies. Knowing that there are a wide range of concerns when dealing with a merger or acquisition, we at SearchSecurity.com created a guide that takes this process one step at a time.
CORPORATE MERGERS AND ACQUISITIONS LEARNING GUIDE
Network Security Policies
M&A: Merging network security policies
Company mergers often call for the consolidation of two different network policies. But before making any final decisions on technology, the staff members of both organisations need to be on the same page. In this tip, contributor Mike Chapple explains how the designers of a new merged security policy must communicate clearly with both sides and create a strong, inclusive relationship between the companies.
Best practices for compliance during a merger
When one vendor acquires another, the handling of compliance issues may seem like an IT security staff's toughest task. It's not so bad, though, says security expert Joel Dubin. Dubin offers a primer for merging companies that may be in different stages of the compliance process.
Web Application Security
Ensuring Web application security when companies merge
When companies come together, so must their Web application infrastructures. Securing and integrating applications, however, can be a struggle without the cooperation from all sides. Michael Cobb explains how the leaders of a merged organisation can avoid turf battles and conduct an unbiased examination of its respective security arrangements.
Other Merger-related Security Threats
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
About the authors:
- Ed Skoudis is a SANS instructor and a founder and senior security consultant
with Intelguardians, a Washington, DC-based information security consulting firm. As an expert on
SearchSecurity.com, Ed answers your questions related to information security threats.
- Joel Dubin, CISSP, is an independent computer security consultant. The
Microsoft MVP and author of The Little Black Book of Computer Security is ready to answer
your identity management and access control questions.
- Mike Chapple, CISA, CISSP, is an IT security professional with the University
of Notre Dame. He previously served as an information security researcher with the National
Security Agency and the U.S. Air Force. Chapple is also SearchSecurity.com's resident network security expert.
- Michael Cobb, CISSP-ISSAP, is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and regularly answers platform security and application security question for SearchSecurity.com.
This was first published in June 2007