Many business managers assume that meeting compliance requirements and regulations means that the organization has sufficient and effective controls in place to protect against security breaches. Legislation may specify the actions to be taken in the event of a security breach but typically does not identify the controls needed to protect the organization's sensitive information.

Protecting your systems and sensitive data is not easy. Network administrators use many techniques to ensure that basic security controls are in place:
- Access to systems and data is only provided to authorized staff.
- Firewalls are implemented at the network perimeter.
- Anti-malware and anti-virus software is used to protect both workstations and servers.
- Servers and workstations are patched on a regular basis.
- Backups are performed on a regular basis and stored off-site.
Even with security controls in place, hackers use creative ways to bypass security systems and gain access to data. Altius IT recommends additional safeguards to reduce your risks:
- Assign the role of Chief Security Officer (CSO) to a member of your staff
- Perform a risk assessment to identify your most important assets
- Identify and implement controls to protect your important assets
- Prepare formal policies and an Incident Response Plan
- Ensure agreements with service providers contain the appropriate wording to protect your organization
- Implement a security training program for your staff
- Ensure independent network security audits are performed on an annual basis and after major changes to your systems
A formal network security audit should evaluate over 50 areas including technical, physical, and administrative safeguards and controls that protect information systems and data. For the business manager, network security audits help the organization identify, manage, and reduce risks before they can be exploited by an intruder.