Solved

How to decide IT security

Posted on 2014-03-12
4
379 Views
Last Modified: 2014-03-12
How to make decisions about providing security for our computers and network are usually made by the IT Department and what are the considerations should be made before an we decides what kind of security is needed for the our company
0
Comment
Question by:YaYangTeah
4 Comments
 
LVL 15

Assisted Solution

by:Ess Kay
Ess Kay earned 166 total points
ID: 39923932
You need to be more specific.

What are the functions of the company, and how often does it connect to the internet

Some key points to consider would be :

Antivirus monotoring programs - Enterprise versions (hosted on server and updates are sent to all computers on network
Firewall -ie: sonicwall - to prevent access from the internet like hacking, dos and other attacks and unauthorized access
Encrypted emails if you need secure communications. it is possible to have internal emails not leave the network, thus decreasing chances of interception. Encryption will result in higher security when intercepted.
Heavy Security in databases you dont want your data to be access by `just anyone or accidentally deleted
redundant backups Obviously, backups are great, but what makes them better would be on seprate servers, or even at different sites
restrict access to the servers, have shared drives not connected to the server, or a separe (array) or file servers


Those are the barebone basics.  Hope that helps.
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 167 total points
ID: 39924038
To add on to what other expert has mentioned:

As they point out it depends on what your company does, how big it is and what regulations you might be under.

So multi layered approach is needed.  Hardware-based firewall either with and IPS (Intrusion prevention) module active or a separate IPS device. Filtering of web traffic and email.  We use a hosted solution for email and an internal appliance for web. Do you need to archive your email in case of law suit?  Many email solutions I  looked at have that as a piece of their product.
Protect desktops and servers with an Enterprise AV solution. The solution needs to do a good job of both viruses and general malware. If you're running in a virtual environment and using VMware ESXi, consider an AV solution that interacts at the VMDK level instead of putting an agent on the desktops and servers in the virtual environment.

User education is a MUST.  Even with users who care, their typical lack of understanding about the dangers from the Internet can be a major factor in allowing in threats even with good security in place.
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 167 total points
ID: 39925255
I would take a risk based approach. When trying to decide on a security decision, do a mini risk assessment. Compare the risks associated with the decision, including risks of implementing the change and risks of NOT implementing it. Compare this to the costs.

While security is a lot of times dictated by I.T., risk management as a whole should NOT be.
0
 

Author Comment

by:YaYangTeah
ID: 39925442
Hi "esskay b2d" i don't have any specific question, because this mainly for my own self study only, i really appreciate answer given by you.Thank you
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
OnPage: Incident management and secure messaging on your smartphone
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question