Solved

How to decide IT security

Posted on 2014-03-12
4
380 Views
Last Modified: 2014-03-12
How to make decisions about providing security for our computers and network are usually made by the IT Department and what are the considerations should be made before an we decides what kind of security is needed for the our company
0
Comment
Question by:YaYangTeah
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 15

Assisted Solution

by:Ess Kay
Ess Kay earned 166 total points
ID: 39923932
You need to be more specific.

What are the functions of the company, and how often does it connect to the internet

Some key points to consider would be :

Antivirus monotoring programs - Enterprise versions (hosted on server and updates are sent to all computers on network
Firewall -ie: sonicwall - to prevent access from the internet like hacking, dos and other attacks and unauthorized access
Encrypted emails if you need secure communications. it is possible to have internal emails not leave the network, thus decreasing chances of interception. Encryption will result in higher security when intercepted.
Heavy Security in databases you dont want your data to be access by `just anyone or accidentally deleted
redundant backups Obviously, backups are great, but what makes them better would be on seprate servers, or even at different sites
restrict access to the servers, have shared drives not connected to the server, or a separe (array) or file servers


Those are the barebone basics.  Hope that helps.
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 167 total points
ID: 39924038
To add on to what other expert has mentioned:

As they point out it depends on what your company does, how big it is and what regulations you might be under.

So multi layered approach is needed.  Hardware-based firewall either with and IPS (Intrusion prevention) module active or a separate IPS device. Filtering of web traffic and email.  We use a hosted solution for email and an internal appliance for web. Do you need to archive your email in case of law suit?  Many email solutions I  looked at have that as a piece of their product.
Protect desktops and servers with an Enterprise AV solution. The solution needs to do a good job of both viruses and general malware. If you're running in a virtual environment and using VMware ESXi, consider an AV solution that interacts at the VMDK level instead of putting an agent on the desktops and servers in the virtual environment.

User education is a MUST.  Even with users who care, their typical lack of understanding about the dangers from the Internet can be a major factor in allowing in threats even with good security in place.
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 167 total points
ID: 39925255
I would take a risk based approach. When trying to decide on a security decision, do a mini risk assessment. Compare the risks associated with the decision, including risks of implementing the change and risks of NOT implementing it. Compare this to the costs.

While security is a lot of times dictated by I.T., risk management as a whole should NOT be.
0
 

Author Comment

by:YaYangTeah
ID: 39925442
Hi "esskay b2d" i don't have any specific question, because this mainly for my own self study only, i really appreciate answer given by you.Thank you
0

Featured Post

Are You Ransomware's Next Victim?

Worried about ransomware attacks hitting your organization?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with WatchGuard Total Security!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question