Solved

How to decide IT security

Posted on 2014-03-12
4
376 Views
Last Modified: 2014-03-12
How to make decisions about providing security for our computers and network are usually made by the IT Department and what are the considerations should be made before an we decides what kind of security is needed for the our company
0
Comment
Question by:YaYangTeah
4 Comments
 
LVL 15

Assisted Solution

by:Ess Kay
Ess Kay earned 166 total points
ID: 39923932
You need to be more specific.

What are the functions of the company, and how often does it connect to the internet

Some key points to consider would be :

Antivirus monotoring programs - Enterprise versions (hosted on server and updates are sent to all computers on network
Firewall -ie: sonicwall - to prevent access from the internet like hacking, dos and other attacks and unauthorized access
Encrypted emails if you need secure communications. it is possible to have internal emails not leave the network, thus decreasing chances of interception. Encryption will result in higher security when intercepted.
Heavy Security in databases you dont want your data to be access by `just anyone or accidentally deleted
redundant backups Obviously, backups are great, but what makes them better would be on seprate servers, or even at different sites
restrict access to the servers, have shared drives not connected to the server, or a separe (array) or file servers


Those are the barebone basics.  Hope that helps.
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 167 total points
ID: 39924038
To add on to what other expert has mentioned:

As they point out it depends on what your company does, how big it is and what regulations you might be under.

So multi layered approach is needed.  Hardware-based firewall either with and IPS (Intrusion prevention) module active or a separate IPS device. Filtering of web traffic and email.  We use a hosted solution for email and an internal appliance for web. Do you need to archive your email in case of law suit?  Many email solutions I  looked at have that as a piece of their product.
Protect desktops and servers with an Enterprise AV solution. The solution needs to do a good job of both viruses and general malware. If you're running in a virtual environment and using VMware ESXi, consider an AV solution that interacts at the VMDK level instead of putting an agent on the desktops and servers in the virtual environment.

User education is a MUST.  Even with users who care, their typical lack of understanding about the dangers from the Internet can be a major factor in allowing in threats even with good security in place.
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 167 total points
ID: 39925255
I would take a risk based approach. When trying to decide on a security decision, do a mini risk assessment. Compare the risks associated with the decision, including risks of implementing the change and risks of NOT implementing it. Compare this to the costs.

While security is a lot of times dictated by I.T., risk management as a whole should NOT be.
0
 

Author Comment

by:YaYangTeah
ID: 39925442
Hi "esskay b2d" i don't have any specific question, because this mainly for my own self study only, i really appreciate answer given by you.Thank you
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now