HOW EFFECTIVELY ARE YOU USING INFORMATION TECHNOLOGY TO SECURE YOUR BUSINESS?<br />© 2011 WISE Comprehensive Solutions, LL...
Why Is Computer Security Important?<br />Establishes sound business practices<br />Complies with International, and Indust...
How Many People Experienced Security Incidents?<br />
Goals of Security Program<br /><ul><li>Confidentiality
Data must be protected against unauthorized disclosure
Integrity
Systems must not permit processes or data to bechanged without authorization
Availability
System hardware must be functional and changes must be authorized</li></li></ul><li>TheInternet<br /><ul><li>Open, Global ...
TCP/IP
“Language of the net”
Designed for communication, not security
Data sent “in the clear”
Easy access to information</li></ul>Threats and Attacks <br />
Threats and Attacks <br />Internet connection and usage increases the level of security threats on small businesses<br />D...
Consequences<br />Interference with the intended use of IT resources<br />Loss/theft of equipment used to store private/se...
Consequences<br />Loss of data<br />Denial of Service attack<br />Compromised user accounts<br />Time and inconvenience<br...
Why Security<br />Caterpillar, Inc.<br />Hackers rummaged undetected through Caterpillar, Inc.’s network for two weeks<br ...
Benefits of effective IT security<br />Protects an organization's valuable resources, such as information, hardware, and s...
Ways to use IT to secure your business<br />
Business Firewall<br />Protects your business and your information<br />Stands between your business network and the progr...
Anti Virus and Anti Spyware<br />Anti-virus software is used to prevent, detect, and remove computer viruses, worms, and T...
 Encryption Software <br />Install encryption software to encode your online communications. <br />Encryption is not just ...
Web Content Filtering<br />Many companies block certain websites to prevent employees from unknowingly downloading malicio...
Email Monitoring and Spam Protection <br />Everybody who has used email has most likely been subjected to Spam.<br />Unwan...
Data Backup<br />What would happen to your business if suddenly all your data is destroyed? <br />There is a great need to...
Virtual Private Network (VPN)<br />To reduce the risk associated with remote connections, many organizations set up a virt...
Virtualization	<br />Virtualization combines or divides computing resources to present one or many operating environments<...
Cloud Computing<br />An emerging Internet based business model for IT services<br />Cloud Computing represents the latest ...
        Audit Logging		<br />Means by which changes to the database (inserts, updates and deletes) are recorded in a separ...
Data Loss Prevention (DLP)<br />DLP - Systems that identify, monitor, and protect data in use , data in motion and data at...
Upcoming SlideShare
Loading in …5
×

Using Information Technology to Secure your Business

600 views

Published on

Webinar - Using Information Technology to Secure your Business (WISE Comprehensive Solutions, LLC)

Published in: Technology
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
600
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

Using Information Technology to Secure your Business

  1. 1. HOW EFFECTIVELY ARE YOU USING INFORMATION TECHNOLOGY TO SECURE YOUR BUSINESS?<br />© 2011 WISE Comprehensive Solutions, LLC – Confidential & Property <br />
  2. 2. Why Is Computer Security Important?<br />Establishes sound business practices<br />Complies with International, and Industry regulations<br />Protects corporate assets (especially information)<br />Prevents processing interruptions<br />
  3. 3. How Many People Experienced Security Incidents?<br />
  4. 4. Goals of Security Program<br /><ul><li>Confidentiality
  5. 5. Data must be protected against unauthorized disclosure
  6. 6. Integrity
  7. 7. Systems must not permit processes or data to bechanged without authorization
  8. 8. Availability
  9. 9. System hardware must be functional and changes must be authorized</li></li></ul><li>TheInternet<br /><ul><li>Open, Global Network
  10. 10. TCP/IP
  11. 11. “Language of the net”
  12. 12. Designed for communication, not security
  13. 13. Data sent “in the clear”
  14. 14. Easy access to information</li></ul>Threats and Attacks <br />
  15. 15. Threats and Attacks <br />Internet connection and usage increases the level of security threats on small businesses<br />Dedicated IT personnel<br />Organizations must understand and acknowledge threats<br />
  16. 16. Consequences<br />Interference with the intended use of IT resources<br />Loss/theft of equipment used to store private/sensitive information<br />Unauthorized changes made to computers or software <br />
  17. 17. Consequences<br />Loss of data<br />Denial of Service attack<br />Compromised user accounts<br />Time and inconvenience<br />Loss of image and reputation<br />Unauthorized use of systems or data<br />
  18. 18. Why Security<br />Caterpillar, Inc.<br />Hackers rummaged undetected through Caterpillar, Inc.’s network for two weeks<br />- Outdated administrator's account that was never deleted <br />- Poor password protection<br />easily deciphered passwords<br />no passwords at all<br />The hacker or group of hackers accessed servers and workstations at various company sites<br />
  19. 19. Benefits of effective IT security<br />Protects an organization's valuable resources, such as information, hardware, and software<br />Protects reputation, legal position, employees<br />Protects computers from hackers.<br />Protection against fraud.<br />Protects computers from viruses, worms, spyware and other unwanted programs.<br />Prevent against data from theft.<br />
  20. 20. Ways to use IT to secure your business<br />
  21. 21. Business Firewall<br />Protects your business and your information<br />Stands between your business network and the programs that are out there on the internet. <br />Provides a means for allowed programs to travel through to a network through URL filtering <br />
  22. 22. Anti Virus and Anti Spyware<br />Anti-virus software is used to prevent, detect, and remove computer viruses, worms, and Trojan horses.<br />Ensure that other types of suspicious files and network activity should also be monitored e.g. malicious code <br />Antispyware software protects computers against pop-ups, slow performance, and security threats <br />
  23. 23. Encryption Software <br />Install encryption software to encode your online communications. <br />Encryption is not just for the big guys. You can protect the privacy of your e-mail messages and file attachments by encrypting them. <br />Encrypting your messages protects your information so that only those with the proper authority can decipher it. <br />Ensures that the messages come from you and that the information has not been tampered with <br />
  24. 24. Web Content Filtering<br />Many companies block certain websites to prevent employees from unknowingly downloading malicious content <br />Block access to sites by category such as entertainment, adult material, dating sites, chat rooms and social media <br />If specific websites need to be available to your employees, they can be added to a “whitelist” <br />
  25. 25. Email Monitoring and Spam Protection <br />Everybody who has used email has most likely been subjected to Spam.<br />Unwanted emails are not only bad for productivity, they can do damage to your systems and networks too. <br />A spam filter can help to reduce unwanted emails, but don’t forget to deploy anti-virus and anti-worm software on your mail server. <br />
  26. 26. Data Backup<br />What would happen to your business if suddenly all your data is destroyed? <br />There is a great need to have all of your essential data backed up and stored in a safe place on a regular basis.<br />This can be accomplished one of two ways: <br />Remote Backup – This method copies and stores your files on a secure remote server automatically and periodically.<br />Local Backup – This can be performed using software and backs your data up to a local storage device.<br />
  27. 27. Virtual Private Network (VPN)<br />To reduce the risk associated with remote connections, many organizations set up a virtual private network.<br />Allows employees secure access to the company network via the Internet. <br /> It is important to evaluate how much and what information the organization is willing to share over a VPN <br />
  28. 28. Virtualization <br />Virtualization combines or divides computing resources to present one or many operating environments<br />End users can execute, develop, and test applications without having to fear causing a crash to systems <br />Enables a user to run multiple virtual machines (VM) on a single physical machine, with each VM sharing the resources of that one physical computer <br />The VM concept has been in existence since the 1960s when it was first developed by IBM. <br />
  29. 29. Cloud Computing<br />An emerging Internet based business model for IT services<br />Cloud Computing represents the latest advancement in client-server technology<br />Web Based Application Services:<br />Platform as a Service (Paas)<br />Software as a Service (SaaS) <br />Infrastructure as a Service (IaaS)<br />
  30. 30. Audit Logging <br />Means by which changes to the database (inserts, updates and deletes) are recorded in a separate 'audit' database<br />Why event data should be logged on a given system?<br />Accountability – Identify what accounts are associated with events <br />Reconstruction – Log data can be reviewed chronologically to determine what was happening before and during an event<br />Intrusion Detection – Unusual or unauthorized events can be detected through the review of log data <br />Problem Detection – It can be used to identify problems that need to be addressed (e.g. investigating failed jobs, resource utilization)<br />
  31. 31. Data Loss Prevention (DLP)<br />DLP - Systems that identify, monitor, and protect data in use , data in motion and data at rest through content inspection within a centralized management framework<br />
  32. 32. Which Technology is Most Used?<br />
  33. 33. The Pros & Cons of Managed Security<br />Cons<br />Outsiders are exposed to potentially sensitive information <br />Increased potential for employees to be the culprit of a security breech<br />Level of risk has to be weighted against the potential benefits <br />Generic solutions are not customized to company's needs<br />Pros<br />Better understanding of the threat landscape and the tools to deal with those threats <br />Most in-house staff spend a great deal of time handling incidents <br />Cost savings on security tools such as anti-virus/anti-spam and firewalls <br />Service Provider dedicated its efforts to Information Security; no corporate policies exist/needed<br />
  34. 34. What is the Cost of IT Security?<br />
  35. 35. Evaluating Information Security <br />
  36. 36. Recommended Security Practices<br />Prevent infection with antivirus software<br />Install antivirus on all desktops, laptops, and servers<br />Check for virus definitions daily or set for automatic updates<br />Stop intruders with a firewall<br />Use a firewall on all desktops, laptops, and servers<br />Stay on top of security updates<br />Deploy security patches and fixes as soon as <br />Use the latest operating system versions<br />Create strong passwords and change them frequently<br />Don’t allow Web browsers to remember passwords/private data<br />Open email responsibly<br />Scrutinize attachments before opening them; be wary of unusual files<br />Do not open or reply to unsolicited mail<br />
  37. 37. Recommended Security Practices, cont.<br />Browse the Web with caution<br />Use secure Websites when you reveal personal information <br />Do not type confidential information in Instant Messaging/Chat programs<br />Back up regularly<br />Back up vital data daily and store critical backups offsite<br />Make remote connections secure<br />Require remote users to use antivirus and firewall software<br />Use a Virtual Private Network (VPN)<br />Lock down wireless networks<br />Install a firewall at the wireless access point<br />Ensure the physical security of your equipment<br />Never leave wireless devices unattended<br />Use the screen locking feature when you leave your workstation<br />
  38. 38. What IT Services are a good fit?<br />
  39. 39. Remember ...<br />Security is the <br /> correct balance of People,<br />Processes and Technology!<br />
  40. 40. Questions <br />WISE Comprehensive Solutions, LLC<br />sales@consultwcs.com<br />(301)-942-3711<br />

×