Using Information Technology to Secure your Business

  • 447 views
Uploaded on

Webinar - Using Information Technology to Secure your Business (WISE Comprehensive Solutions, LLC)

Webinar - Using Information Technology to Secure your Business (WISE Comprehensive Solutions, LLC)

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
447
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
0
Comments
0
Likes
3

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. HOW EFFECTIVELY ARE YOU USING INFORMATION TECHNOLOGY TO SECURE YOUR BUSINESS?
    © 2011 WISE Comprehensive Solutions, LLC – Confidential & Property
  • 2. Why Is Computer Security Important?
    Establishes sound business practices
    Complies with International, and Industry regulations
    Protects corporate assets (especially information)
    Prevents processing interruptions
  • 3. How Many People Experienced Security Incidents?
  • 4. Goals of Security Program
    • Confidentiality
    • 5. Data must be protected against unauthorized disclosure
    • 6. Integrity
    • 7. Systems must not permit processes or data to bechanged without authorization
    • 8. Availability
    • 9. System hardware must be functional and changes must be authorized
  • TheInternet
    • Open, Global Network
    • 10. TCP/IP
    • 11. “Language of the net”
    • 12. Designed for communication, not security
    • 13. Data sent “in the clear”
    • 14. Easy access to information
    Threats and Attacks
  • 15. Threats and Attacks
    Internet connection and usage increases the level of security threats on small businesses
    Dedicated IT personnel
    Organizations must understand and acknowledge threats
  • 16. Consequences
    Interference with the intended use of IT resources
    Loss/theft of equipment used to store private/sensitive information
    Unauthorized changes made to computers or software
  • 17. Consequences
    Loss of data
    Denial of Service attack
    Compromised user accounts
    Time and inconvenience
    Loss of image and reputation
    Unauthorized use of systems or data
  • 18. Why Security
    Caterpillar, Inc.
    Hackers rummaged undetected through Caterpillar, Inc.’s network for two weeks
    - Outdated administrator's account that was never deleted
    - Poor password protection
    easily deciphered passwords
    no passwords at all
    The hacker or group of hackers accessed servers and workstations at various company sites
  • 19. Benefits of effective IT security
    Protects an organization's valuable resources, such as information, hardware, and software
    Protects reputation, legal position, employees
    Protects computers from hackers.
    Protection against fraud.
    Protects computers from viruses, worms, spyware and other unwanted programs.
    Prevent against data from theft.
  • 20. Ways to use IT to secure your business
  • 21. Business Firewall
    Protects your business and your information
    Stands between your business network and the programs that are out there on the internet.
    Provides a means for allowed programs to travel through to a network through URL filtering
  • 22. Anti Virus and Anti Spyware
    Anti-virus software is used to prevent, detect, and remove computer viruses, worms, and Trojan horses.
    Ensure that other types of suspicious files and network activity should also be monitored e.g. malicious code
    Antispyware software protects computers against pop-ups, slow performance, and security threats
  • 23. Encryption Software
    Install encryption software to encode your online communications.
    Encryption is not just for the big guys. You can protect the privacy of your e-mail messages and file attachments by encrypting them.
    Encrypting your messages protects your information so that only those with the proper authority can decipher it.
    Ensures that the messages come from you and that the information has not been tampered with
  • 24. Web Content Filtering
    Many companies block certain websites to prevent employees from unknowingly downloading malicious content
    Block access to sites by category such as entertainment, adult material, dating sites, chat rooms and social media
    If specific websites need to be available to your employees, they can be added to a “whitelist”
  • 25. Email Monitoring and Spam Protection
    Everybody who has used email has most likely been subjected to Spam.
    Unwanted emails are not only bad for productivity, they can do damage to your systems and networks too.
    A spam filter can help to reduce unwanted emails, but don’t forget to deploy anti-virus and anti-worm software on your mail server.
  • 26. Data Backup
    What would happen to your business if suddenly all your data is destroyed?
    There is a great need to have all of your essential data backed up and stored in a safe place on a regular basis.
    This can be accomplished one of two ways:
    Remote Backup – This method copies and stores your files on a secure remote server automatically and periodically.
    Local Backup – This can be performed using software and backs your data up to a local storage device.
  • 27. Virtual Private Network (VPN)
    To reduce the risk associated with remote connections, many organizations set up a virtual private network.
    Allows employees secure access to the company network via the Internet.
    It is important to evaluate how much and what information the organization is willing to share over a VPN
  • 28. Virtualization
    Virtualization combines or divides computing resources to present one or many operating environments
    End users can execute, develop, and test applications without having to fear causing a crash to systems
    Enables a user to run multiple virtual machines (VM) on a single physical machine, with each VM sharing the resources of that one physical computer
    The VM concept has been in existence since the 1960s when it was first developed by IBM.
  • 29. Cloud Computing
    An emerging Internet based business model for IT services
    Cloud Computing represents the latest advancement in client-server technology
    Web Based Application Services:
    Platform as a Service (Paas)
    Software as a Service (SaaS)
    Infrastructure as a Service (IaaS)
  • 30. Audit Logging
    Means by which changes to the database (inserts, updates and deletes) are recorded in a separate 'audit' database
    Why event data should be logged on a given system?
    Accountability – Identify what accounts are associated with events
    Reconstruction – Log data can be reviewed chronologically to determine what was happening before and during an event
    Intrusion Detection – Unusual or unauthorized events can be detected through the review of log data
    Problem Detection – It can be used to identify problems that need to be addressed (e.g. investigating failed jobs, resource utilization)
  • 31. Data Loss Prevention (DLP)
    DLP - Systems that identify, monitor, and protect data in use , data in motion and data at rest through content inspection within a centralized management framework
  • 32. Which Technology is Most Used?
  • 33. The Pros & Cons of Managed Security
    Cons
    Outsiders are exposed to potentially sensitive information
    Increased potential for employees to be the culprit of a security breech
    Level of risk has to be weighted against the potential benefits
    Generic solutions are not customized to company's needs
    Pros
    Better understanding of the threat landscape and the tools to deal with those threats
    Most in-house staff spend a great deal of time handling incidents
    Cost savings on security tools such as anti-virus/anti-spam and firewalls
    Service Provider dedicated its efforts to Information Security; no corporate policies exist/needed
  • 34. What is the Cost of IT Security?
  • 35. Evaluating Information Security
  • 36. Recommended Security Practices
    Prevent infection with antivirus software
    Install antivirus on all desktops, laptops, and servers
    Check for virus definitions daily or set for automatic updates
    Stop intruders with a firewall
    Use a firewall on all desktops, laptops, and servers
    Stay on top of security updates
    Deploy security patches and fixes as soon as
    Use the latest operating system versions
    Create strong passwords and change them frequently
    Don’t allow Web browsers to remember passwords/private data
    Open email responsibly
    Scrutinize attachments before opening them; be wary of unusual files
    Do not open or reply to unsolicited mail
  • 37. Recommended Security Practices, cont.
    Browse the Web with caution
    Use secure Websites when you reveal personal information
    Do not type confidential information in Instant Messaging/Chat programs
    Back up regularly
    Back up vital data daily and store critical backups offsite
    Make remote connections secure
    Require remote users to use antivirus and firewall software
    Use a Virtual Private Network (VPN)
    Lock down wireless networks
    Install a firewall at the wireless access point
    Ensure the physical security of your equipment
    Never leave wireless devices unattended
    Use the screen locking feature when you leave your workstation
  • 38. What IT Services are a good fit?
  • 39. Remember ...
    Security is the
    correct balance of People,
    Processes and Technology!
  • 40. Questions
    WISE Comprehensive Solutions, LLC
    sales@consultwcs.com
    (301)-942-3711