?
Solved

How to decide IT security

Posted on 2014-03-12
4
Medium Priority
?
387 Views
Last Modified: 2014-03-12
How to make decisions about providing security for our computers and network are usually made by the IT Department and what are the considerations should be made before an we decides what kind of security is needed for the our company
0
Comment
Question by:YaYangTeah
4 Comments
 
LVL 15

Assisted Solution

by:Ess Kay
Ess Kay earned 664 total points
ID: 39923932
You need to be more specific.

What are the functions of the company, and how often does it connect to the internet

Some key points to consider would be :

Antivirus monotoring programs - Enterprise versions (hosted on server and updates are sent to all computers on network
Firewall -ie: sonicwall - to prevent access from the internet like hacking, dos and other attacks and unauthorized access
Encrypted emails if you need secure communications. it is possible to have internal emails not leave the network, thus decreasing chances of interception. Encryption will result in higher security when intercepted.
Heavy Security in databases you dont want your data to be access by `just anyone or accidentally deleted
redundant backups Obviously, backups are great, but what makes them better would be on seprate servers, or even at different sites
restrict access to the servers, have shared drives not connected to the server, or a separe (array) or file servers


Those are the barebone basics.  Hope that helps.
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 668 total points
ID: 39924038
To add on to what other expert has mentioned:

As they point out it depends on what your company does, how big it is and what regulations you might be under.

So multi layered approach is needed.  Hardware-based firewall either with and IPS (Intrusion prevention) module active or a separate IPS device. Filtering of web traffic and email.  We use a hosted solution for email and an internal appliance for web. Do you need to archive your email in case of law suit?  Many email solutions I  looked at have that as a piece of their product.
Protect desktops and servers with an Enterprise AV solution. The solution needs to do a good job of both viruses and general malware. If you're running in a virtual environment and using VMware ESXi, consider an AV solution that interacts at the VMDK level instead of putting an agent on the desktops and servers in the virtual environment.

User education is a MUST.  Even with users who care, their typical lack of understanding about the dangers from the Internet can be a major factor in allowing in threats even with good security in place.
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 668 total points
ID: 39925255
I would take a risk based approach. When trying to decide on a security decision, do a mini risk assessment. Compare the risks associated with the decision, including risks of implementing the change and risks of NOT implementing it. Compare this to the costs.

While security is a lot of times dictated by I.T., risk management as a whole should NOT be.
0
 

Author Comment

by:YaYangTeah
ID: 39925442
Hi "esskay b2d" i don't have any specific question, because this mainly for my own self study only, i really appreciate answer given by you.Thank you
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Experts Exchange expands question security options for members.
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question