Northern Computer


Wednesday, 7 December 2011

Protecting Vital Company Information - Security Audit

Posted on 14:20 by Unknown
In today's world, people want easy access to their business information. Some of this information is sensitive, so it is important to restrict access to only those who should have it.

A security audit is really the final step in the implementation of your security defenses. Prior to this you undertake a risk analysis. Then you develop a security policy to define what you are going to defend and how you are going to defend it.
Various protective steps will be put into place to prevent unauthorized access. Perhaps access requires establishing a VPN connection beforehand. Almost certainly access will require a username and password, and various policies will need to be in place as well: for instance, a requirement that passwords meet certain complexity rules, or that all information on laptops be encrypted with password protection. A good security audit should find any gaps in your existing defenses.

Many people opt to have external security consultants perform the audit. If you are a small company, you might not be able to afford security consultants, and you might not have the in-house expertise to do a sophisticated audit on your own. This does not mean, however, that you can or should do nothing. The exercise of understanding what you are securing and how you are trying to secure it is worthwhile on its own.

If, in preparing for an audit, you realize that vital company information is held on laptop computers, this will lead to questions such as: What happens if the laptop is lost or stolen? How easily can someone access the information on this laptop? We all know, or should know, that 100% security is impossible. There will always be risks. However, low cost, simple security steps will often significantly improve your security.

So how would you go about a simple security audit?

Security List

Begin by creating a list of items that potentially need securing. This list should include things like servers, desktop computers, laptops, routers, other networking equipment, printers, data (sales, customer and employee information), smart phones, PDAs, VoIP phones, VoIP or regular phone call recordings and records, email, and so forth.

Threat List

Using your security list, determine what is sensitive and how an unauthorized individual might access the sensitive data. This will constitute your threat list. Ask questions such as: Do all computers have passwords? Who knows the passwords? How strong are the passwords? Do passwords need to be changed periodically? Are laptops taken offsite? How easily could computers be removed from the physical premises? Do you have a list of the equipment? Are you creating backups of sensitive data? How are things being backed up, where are the backups kept, and who conducts the backups? How is access being controlled? Can information be accessed from outside the company premises?

Prioritize Threat List

After determining what threats exist, you should prioritize the list. Look at the probability of unauthorized access coupled with the potential harm.

Security Threat Response Plan

Starting at the top of this list, think about how you might reduce the risk of each item. This will become your security threat response plan. Remember that lots of low cost, simple steps exist that will improve your security: stronger passwords, improved physical security (lock the server in a wiring closet), ensuring all computers are patched with security updates regularly, limiting web access, ensuring antivirus products are being used and are updated properly, implementing encryption of data with password protection, etc. If you do not have a backup of sensitive data, you will need to devise a backup policy and plan as well. This should include some form of offsite storage for obvious reasons. Now that you have your security response plan, you need to implement it.

Implement Security Threat Response Plan

After implementation, you will periodically do a security audit, which is essentially running through the whole process again. Each time you go through the process you will likely unearth new risks as well as cost effective ways of reducing risks.
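
The steps above (security list, threat list, prioritization, response plan, repeat audit) can be kept as a small risk register. The following is an added example, not part of the original post; the 1 to 5 scales, the field names, the tie-break rule and the sample entries are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Threat:
    asset: str        # item from the security list
    exposure: str     # how the sensitive data could be reached or lost
    probability: int  # assumed scale: 1 (rare) to 5 (expected)
    harm: int         # assumed scale: 1 (minor) to 5 (severe)
    # planned steps as (description, probability_after, harm_after)
    responses: list = field(default_factory=list)

    def __post_init__(self):
        for name in ("probability", "harm"):
            if not 1 <= getattr(self, name) <= 5:
                raise ValueError(f"{self.asset}: {name} must be 1-5")

    def score(self):
        return self.probability * self.harm

    def residual(self):
        """Score once every planned response step is in place."""
        p, h = self.probability, self.harm
        for _step, p_after, h_after in self.responses:
            p, h = min(p, p_after), min(h, h_after)
        return p * h

def audit_report(threats):
    """Rows of (asset, score, residual, status), highest risk first.
    Ties on score are broken by harm, then asset name (an assumption)."""
    ordered = sorted(threats, key=lambda t: (-t.score(), -t.harm, t.asset))
    rows = []
    for t in ordered:
        if not t.responses:
            status = "no response planned"
        elif t.residual() < t.score():
            status = "reduced"
        else:
            status = "unchanged"
        rows.append((t.asset, t.score(), t.residual(), status))
    return rows

# Constructed sample register, not data from the article.
SAMPLE = [
    Threat("laptops", "lost or stolen offsite", 4, 5,
           [("encrypt data with password protection", 4, 2)]),
    Threat("server", "removed from the premises", 2, 5,
           [("lock the server in a wiring closet", 1, 5)]),
    Threat("desktop computers", "weak passwords", 4, 3,
           [("require stronger passwords", 2, 3)]),
    Threat("customer data", "no backup exists", 3, 4),
]
```

Rows marked "no response planned" are the gaps to close first, and the residual column becomes the starting score for the next audit cycle.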


Northern Computer - Your Trusted Partner
#1 - 495 Banks Road Kelowna, BC V1X 6A2
Phone: 250.762.7753 Fax: 250.861.1861 Toll-Free: 1.877.257.2896
Email: sales@northerncomputer.ca or service@northerncomputer.ca
Web: http://www.northerncomputer.ca
Posted in Backup, data, security | No comments