IT Security for Asset and Risk Management companies
I am tried to make sure that the Financial company I work for (Asset Management and Risk Management) have all the current IT Security parameters to have the top IT Security measures in place. Instead, of going around and ask another Asset Management companies I would like to find a place (website) where it would guide me to the best IT Security standards for my company. In particular, I would appreciate if this advice would apply to all current Asset Management companies in Switzerland, Zug city.
In a nutshell, I want to know what are the other Asset Mangement companies are doing in the area of IT Security for themselves.
In a nutshell, I want to know what are the other Asset Mangement companies are doing in the area of IT Security for themselves.
i don't work for an asset management company but usually companies need to comply with industry and government mandates through the implementation of security frameworks. Companies that don't need to abide by certain rules choose to develop and maintain their own hybrid framework based on what works for them and best practices. I'd advise you to find out if there's any specific requirements your company needs to follow in Switzerland when it comes to IT security. If they do business in other countries you have to adhere to that countries mandate too. I'm based in the US and depending on the industry we deal with we need to implement HIPAA, PCI, NIST, etc.
If you're looking for some guidance for security practices you can check: https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final
good luck!
If you're looking for some guidance for security practices you can check: https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final
good luck!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Great advice. Many thanks all.
Firstly, is there a private network and firewall? A private network and firewall managed within the company reduces the chances of a user actually making a "mistake" which allows the security of information to be compromised. This includes creating policies to filter what websites and IP addresses can and cannot be accessed within and outside the network. This also applies for emails and other types of software which require an active connection, another app can be implemented to block "dangerous" downloads and safely remove them when they happen.
Storing your information in a safe place is also key, that is why a private network is necessary. You should consult businesses that specialize in this field as they will provide all the essential tools to protect your information. Companies such as Dashlane and even anti-virus companies provide business packages that can meet your needs.