Tag Archives: important
Implementing Threats, Risk and Security Audits
People used to close business deals with a handshake.
They looked one another in the eye. Today, more and more transactions are electronic, anonymous and, in too many cases, fraudulent. Any organization that stores or moves important information on an electronic network is putting its information at risk. A criminal on the other side of the world or an apparently loyal employee may have the ability to wreak havoc, by stealing, deleting or exposing confidential information.
The Computer Crime and Security Survey, conducted by the Computer Security Institute and the Federal Bureau of Investigation, indicates almost two-thirds of the large corporations and government agencies it surveyed lost money when their computer security broke down.
The survey noted that 9 out of 10 respondents had computer security breaches during the previous 12 months. Proprietary information worth $170.8 million was stolen from 41 respondents. Fraud cost 40 respondents $115.8 million.
When only 45 per cent of executives in North America said they conduct security audits on their e-commerce systems, (around the world, fewer than 35 per cent had conducted security audits) it becomes obvious that organizations must improve their defenses quickly.
The first step in protecting information assets is a Threat and Risk Assessment (TRA). Without the information it provides, organizations are in danger of fixing only what is broken and ignoring potential hazards. While the specifics of a TRA will be unique at each organization, a common methodology provides a starting point.
The first step is risk assessment, to identify the most important assets and information: threats and vulnerabilities are identified; solutions are proposed and refined; corporate policies are tightened up; roles and responsibilities are assigned; standards and training are developed.
The next step is the creation of a security plan, with its own procedures, budget and implementation timetable. Once those steps are complete, any new architecture can be rolled out and new procedures put in place. At this point, the new system should be tested from the outside for any remaining weak points.
Finally, to maintain system security, security should be audited on a regular basis to keep pace with both internal changes and evolving external threats. The TRA provides the map, but organizations must make the journey. Consulting companies have identified factors that contribute to the success or failure of an IT security project. Senior managers have to support the project and demonstrate their involvement. Otherwise, their staffs will place a higher priority on other activities.
Business and technical experts should both be involved because solutions that overburden the enterprise are not acceptable. Individual business units should be responsible for their own TRA to prevent foot-dragging during implementation and finger-pointing later. Interestingly, one consultant recommended conducting assessments on a department-by-department basis, rather than all at once. The reasoning is that valuable resources can be narrowly focused, and lessons learned can be carried over to subsequent assessments.
The Threat and Risk Assessment is an important tool. Recent reports show not enough organizations are using it.
Implementing Threats, Risk and Security Audits
People used to close business deals with a handshake.
They looked one another in the eye. Today, more and more transactions are electronic, anonymous and, in too many cases, fraudulent. Any organization that stores or moves important information on an electronic network is putting its information at risk. A criminal on the other side of the world or an apparently loyal employee may have the ability to wreak havoc, by stealing, deleting or exposing confidential information.
The Computer Crime and Security Survey, conducted by the Computer Security Institute and the Federal Bureau of Investigation, indicates almost two-thirds of the large corporations and government agencies it surveyed lost money when their computer security broke down.
The survey noted that 9 out of 10 respondents had computer security breaches during the previous 12 months. Proprietary information worth $170.8 million was stolen from 41 respondents. Fraud cost 40 respondents $115.8 million.
When only 45 per cent of executives in North America said they conduct security audits on their e-commerce systems, (around the world, fewer than 35 per cent had conducted security audits) it becomes obvious that organizations must improve their defenses quickly.
The first step in protecting information assets is a Threat and Risk Assessment (TRA). Without the information it provides, organizations are in danger of fixing only what is broken and ignoring potential hazards. While the specifics of a TRA will be unique at each organization, a common methodology provides a starting point.
The first step is risk assessment, to identify the most important assets and information: threats and vulnerabilities are identified; solutions are proposed and refined; corporate policies are tightened up; roles and responsibilities are assigned; standards and training are developed.
The next step is the creation of a security plan, with its own procedures, budget and implementation timetable. Once those steps are complete, any new architecture can be rolled out and new procedures put in place. At this point, the new system should be tested from the outside for any remaining weak points.
Finally, to maintain system security, security should be audited on a regular basis to keep pace with both internal changes and evolving external threats. The TRA provides the map, but organizations must make the journey. Consulting companies have identified factors that contribute to the success or failure of an IT security project. Senior managers have to support the project and demonstrate their involvement. Otherwise, their staffs will place a higher priority on other activities.
Business and technical experts should both be involved because solutions that overburden the enterprise are not acceptable. Individual business units should be responsible for their own TRA to prevent foot-dragging during implementation and finger-pointing later. Interestingly, one consultant recommended conducting assessments on a department-by-department basis, rather than all at once. The reasoning is that valuable resources can be narrowly focused, and lessons learned can be carried over to subsequent assessments.
The Threat and Risk Assessment is an important tool. Recent reports show not enough organizations are using it.
5 Top Questions to Ask When Choosing a Web Host
Choosing a web host is probably one of the most important decisions you will make a business owner. Today, a website reflects so much on an individual business and hosting is an important part of that. You want to have a website that is accessible all the time and one that mirrors the values you promote as a business. You therefore need to have a web host that is reliable and takes their role and responsibility seriously. If you are new to the process of choosing a web host and setting up a website then the task can seem quite daunting. There are many technical terms and figuring out what is important can be confusing. Here are a few questions to ask your web host so you can make sure they are a reliable and efficient company for you to work with.
What Hosting Options Do They Offer?
Some hosting companies specialize only in one type of hosting. This could be either shared or dedicated hosting. Ask the web host if this is the case or if they offer both options. It is preferable to work with a company that has a wider range of services. The reason for this is that over time your business may grow and your hosting needs may change. A company that can offer you more than one type of hosting solution will be the better company to work with in the long run.
Can You Migrate Between Hosting Packages?
It is unlikely that your web hosting needs will stay the same over time. Having to change your web host simply because you need a larger hosting package can be time consuming and frustrating. It will also affect the design and operation of your website. Most reputable web hosts will give you the option to upgrade your web hosting package. The process should be relatively affordable and free of hassles. The web host should be able to assist you with an easy migration to your new package. They should also be able to make recommendations as to what type of package you should upgrade to.
What Servers Do They Use and When Were They Last Upgraded?
A reputable web host will be diligent about keeping up with technology. At the pace at which technology advances, web hosts should be upgrading their servers every year or two. If they leave it longer than that then it is possible that the technology they are using will become outdated. This can in turn affect the functionality of your website. They should also be able to give you specifics on the capacity of the servers. If they give you the names of the particular servers, you can quickly and easily read online reviews of the servers. This will allow you to establish if they are reliable machines.
Is There a Support Desk and When Are They Available?
A support desk is probably one of the most important aspects of web hosting. Even a business owner that has some technical knowledge will not have the same level of expertise as people who work in the industry on a daily basis. In addition, the help desk will have access to the server and is able to do diagnostics should any problems arise. Having access to an efficient helpdesk will help you maintain a professional website. Their hours of operation are important because your website will be online 24/7. If the support desk only operates during office hours, it may mean that problems with your website lie unattended for a period of time. Any time that your website is not operational reflects badly on your business. You therefore want to ensure that if there are any problems, you can get them quickly and easily resolved.
What Anti-Virus and Security Measures Do They Have in Place?
It is vital to have good security on your website, especially if you are being hosted on a shared server. Remember that your website is the face of your business. You want it therefore to be as professional as you are. You don’t want your clients logging into your website and then being concerned about the security of their personal details. You also do not want your website unknowingly spreading a virus. The web host should perform regular virus scans and take analytics of the server to make sure that it is clean and the risk of infection is minimized.