?
Solved

How to decide IT security

Posted on 2014-03-12
4
Medium Priority
?
385 Views
Last Modified: 2014-03-12
How to make decisions about providing security for our computers and network are usually made by the IT Department and what are the considerations should be made before an we decides what kind of security is needed for the our company
0
Comment
Question by:YaYangTeah
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 15

Assisted Solution

by:Ess Kay
Ess Kay earned 664 total points
ID: 39923932
You need to be more specific.

What are the functions of the company, and how often does it connect to the internet

Some key points to consider would be :

Antivirus monotoring programs - Enterprise versions (hosted on server and updates are sent to all computers on network
Firewall -ie: sonicwall - to prevent access from the internet like hacking, dos and other attacks and unauthorized access
Encrypted emails if you need secure communications. it is possible to have internal emails not leave the network, thus decreasing chances of interception. Encryption will result in higher security when intercepted.
Heavy Security in databases you dont want your data to be access by `just anyone or accidentally deleted
redundant backups Obviously, backups are great, but what makes them better would be on seprate servers, or even at different sites
restrict access to the servers, have shared drives not connected to the server, or a separe (array) or file servers


Those are the barebone basics.  Hope that helps.
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 668 total points
ID: 39924038
To add on to what other expert has mentioned:

As they point out it depends on what your company does, how big it is and what regulations you might be under.

So multi layered approach is needed.  Hardware-based firewall either with and IPS (Intrusion prevention) module active or a separate IPS device. Filtering of web traffic and email.  We use a hosted solution for email and an internal appliance for web. Do you need to archive your email in case of law suit?  Many email solutions I  looked at have that as a piece of their product.
Protect desktops and servers with an Enterprise AV solution. The solution needs to do a good job of both viruses and general malware. If you're running in a virtual environment and using VMware ESXi, consider an AV solution that interacts at the VMDK level instead of putting an agent on the desktops and servers in the virtual environment.

User education is a MUST.  Even with users who care, their typical lack of understanding about the dangers from the Internet can be a major factor in allowing in threats even with good security in place.
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 668 total points
ID: 39925255
I would take a risk based approach. When trying to decide on a security decision, do a mini risk assessment. Compare the risks associated with the decision, including risks of implementing the change and risks of NOT implementing it. Compare this to the costs.

While security is a lot of times dictated by I.T., risk management as a whole should NOT be.
0
 

Author Comment

by:YaYangTeah
ID: 39925442
Hi "esskay b2d" i don't have any specific question, because this mainly for my own self study only, i really appreciate answer given by you.Thank you
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question