December 2008 01

Getting IT Security right

Realwire

1st December 2008 – No matter how many policies and training schemes you put into operation, basic human error still poses the most likely threat to your company’s IT security according to IT directors.

This was the worrying conclusion of research commissioned by network security vendor Clavister and conducted by leading international researchers YouGov.

86% of the IT directors polled believed that the most likely cause of an IT security incident would be their own employees: staff ignoring security policies, not being made aware of them or not being sufficiently trained in them, as well as making mistakes or committing industrial espionage.

Getting IT security just right is always going to be a challenge. Regardless of the technologies, the procedures and the exceptions, there will always be a chance that the security or integrity of your data is at risk. Concentrate on the procedures, the process and the technology and the rest will follow. You should be thinking about:

  • File system/share security – who has access to which systems, and how this is relevant to their role.
  • Virus and worm security – that your anti-virus software is up to date, and that you have applied the operating system and application patches to limit exposure to known issues. At the same time, your anti-virus software should be optimized for the platform or application: we need to be secure, but not at the cost of functionality or lost revenue (“Sorry your site’s slow, but it’s secure….”).
  • User account security – what level of access users have, where their data is stored, how we separate private, departmental and organizational data.
  • Application/platform security – who has access to our group standards, our procedures, the operating system build/scripts and passwords?
  • Data encryption – what level of encryption is needed and what do we encrypt? The OS? User data or both?
  • Asset management – how we prevent laptop, mobile device and desktop loss or damage.
  • Cross business lines/data centers/organizational security – what are the different security policies and procedures? What matters in the front office might not be relevant in the back office business. How do we secure or limit our risk?
  • When we consider security and data loss, should we not also mention backups? Data recovery by backing up to tape or disk is fine, but what about:
    • What can you restore?
    • How long does it take to restore?
    • Are the backups relevant to your business requirements?
    • What is the life span of the media or even the data?
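The file-share and user-account items above ask who has access to which systems and whether that access matches their role. The following script is an added example written for this page, not code from the original post or from Clavister: it expands the groups named in each share's ACL (including nested groups, with cycle protection) into the accounts that can actually reach the share, then compares that against a role-based least-privilege baseline and reports excess access, missing access and accounts that map to no known user. The users, roles, groups and ACL entries are all constructed for the demonstration.

```python
"""Share-permission review (added example, not code from the original post).

Compares who effectively has access to each share, after expanding the
groups named in the share ACLs, against what each person's role requires,
and reports excess access, missing access and accounts nobody owns.
Users, roles, groups and ACLs below are constructed for the demo.
"""

# Least-privilege baseline: the shares each role needs to do its job (constructed).
ROLE_ACCESS = {
    "finance": {"finance-ledger", "shared-docs"},
    "hr": {"hr-personnel", "shared-docs"},
    "it-ops": {"build-scripts", "shared-docs"},
}


def expand_group(name, groups, seen=None):
    """Resolve a possibly nested group to user accounts; 'seen' breaks cycles."""
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    users = set()
    for member in groups.get(name, ()):
        if member in groups:
            users |= expand_group(member, groups, seen)
        else:
            users.add(member)
    return users


def effective_access(acl, groups):
    """acl: {share: [principal, ...]}; a principal is a user or a group name.
    Returns {share: set of user accounts that can reach it}."""
    eff = {}
    for share, principals in acl.items():
        users = set()
        for p in principals:
            users |= expand_group(p, groups) if p in groups else {p}
        eff[share] = users
    return eff


def review_share_access(users, acl, groups, role_access=ROLE_ACCESS):
    """users: {account: role}. Returns (excess, missing, orphans):
    excess  - account -> shares granted beyond what the role needs
    missing - account -> shares the role needs but the account lacks
    orphans - share   -> accounts with access that map to no known user
              (leavers, forgotten service accounts, typos in the ACL)"""
    granted, orphans = {}, {}
    for share, members in effective_access(acl, groups).items():
        for m in members:
            if m in users:
                granted.setdefault(m, set()).add(share)
            else:
                orphans.setdefault(share, set()).add(m)
    excess, missing = {}, {}
    for account, role in users.items():
        need = role_access.get(role, set())
        have = granted.get(account, set())
        if have - need:
            excess[account] = sorted(have - need)
        if need - have:
            missing[account] = sorted(need - have)
    return excess, missing, {s: sorted(a) for s, a in orphans.items()}


def run_review():
    """Constructed directory snapshot with three typical findings."""
    users = {"alice": "finance", "bob": "hr", "carol": "it-ops"}
    groups = {
        "grp-finance": ["alice", "dave"],                # dave has left; still a member
        "grp-hr": ["bob"],
        "grp-all": ["grp-finance", "grp-hr", "carol"],  # nested groups
        "grp-admins": ["erin"],                          # account unknown to HR
    }
    acl = {
        "finance-ledger": ["grp-finance"],
        "hr-personnel": ["grp-hr", "alice"],             # direct grant outside role
        "shared-docs": ["grp-all"],
        "build-scripts": ["grp-admins"],                 # carol's role needs this
    }
    return review_share_access(users, acl, groups)


if __name__ == "__main__":
    excess, missing, orphans = run_review()
    print("excess access:", excess)
    print("missing access:", missing)
    print("orphan accounts:", orphans)
```

In practice the `users`, `groups` and `acl` inputs would be exported from the directory and the file servers; the review logic stays the same. The orphan list is usually the most valuable output, because accounts that belong to nobody are exactly the ones no leaver process or role change will ever clean up.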
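The four backup questions above are only answered by actually restoring. The script below is an added example for this page, not code from the original post: it backs up a constructed file share to a tar.gz, restores it to a clean location, verifies every restored file by SHA-256 against what was expected, times the restore against a recovery time objective, and flags media older than an agreed life span. The three drills it runs (a clean restore, a restore checked against a business expectation that has moved on since the backup, and a restore from media past its policy age) use constructed files and constructed policy limits.

```python
"""Backup restore drill (added example, not code from the original post).
Answers the backup questions with evidence: what actually restores, how long
it takes, whether it still matches what the business expects, and whether the
media is past its agreed life span. Files and policy limits are constructed."""
import hashlib
import os
import tarfile
import tempfile
import time
from dataclasses import dataclass, field
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash in chunks so large restored files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(source: Path, archive: Path) -> dict:
    """Write a tar.gz of source; return the manifest recorded at backup time."""
    manifest = inventory(source)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return manifest


@dataclass
class DrillResult:
    restore_seconds: float
    restored_ok: list = field(default_factory=list)
    changed: list = field(default_factory=list)     # restored, but content differs
    missing: list = field(default_factory=list)     # expected, not in the backup
    unexpected: list = field(default_factory=list)  # in the backup, not expected
    within_rto: bool = True
    media_expired: bool = False

    @property
    def passed(self) -> bool:
        return (not self.changed and not self.missing and not self.unexpected
                and self.within_rto and not self.media_expired)


def restore_drill(archive, expected, target, rto_seconds, max_media_age_days):
    """Restore into target, verify each file against the expected manifest,
    time the restore against the recovery time objective, and check media age."""
    start = time.perf_counter()
    with tarfile.open(archive, "r:gz") as tar:
        # Newer tarfile versions offer a filter that refuses path traversal.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(target, **kwargs)
    elapsed = time.perf_counter() - start
    restored = inventory(Path(target))
    result = DrillResult(restore_seconds=elapsed)
    for rel, digest in expected.items():
        if rel not in restored:
            result.missing.append(rel)
        elif restored[rel] != digest:
            result.changed.append(rel)
        else:
            result.restored_ok.append(rel)
    result.unexpected = sorted(set(restored) - set(expected))
    result.within_rto = elapsed <= rto_seconds
    age_days = (time.time() - os.stat(archive).st_mtime) / 86400
    result.media_expired = age_days > max_media_age_days
    return result


def run_demo():
    """Three constructed drills: clean; production moved on since the backup;
    media older than the retention policy allows."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "fileshare"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("account,balance\n1001,250.00\n")
        (src / "policy.txt").write_text("All laptops must be encrypted.\n")
        archive = tmp / "nightly.tar.gz"
        manifest = make_backup(src, archive)
        clean = restore_drill(archive, manifest, tmp / "r1", 60, 365)
        # A ledger edit and a new payroll file after the backup ran: the copy
        # now restores stale data and nothing at all for the new file.
        drifted = dict(manifest)
        drifted["finance/ledger.csv"] = hashlib.sha256(b"1001,275.00\n").hexdigest()
        drifted["finance/payroll.csv"] = hashlib.sha256(b"emp,amount\n").hexdigest()
        stale = restore_drill(archive, drifted, tmp / "r2", 60, 365)
        # Age the media three years against a two-year policy.
        old = time.time() - 3 * 365 * 86400
        os.utime(archive, (old, old))
        aged = restore_drill(archive, manifest, tmp / "r3", 60, 730)
        return clean, stale, aged
```

Run it with `python3 -c "import drill; [print(r) for r in drill.run_demo()]"` (assuming the file is saved as `drill.py`). The clean drill passes; the stale drill reports the edited ledger as changed and the new payroll file as missing, which is the honest answer to "are the backups relevant to your business requirements?"; the aged drill restores correctly but fails on media age, which is the answer to "what is the life span of the media?".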
