July 2 2012

Whose on Patrol for the Electronic Assets?

Posted on the 10:19 am under IT Security by Darren Boyer

Data and network equipment need a regular security patrol by humans to help keep the bad guys out.
When the chance of theft is high nothing beats a regular security patrol. We see security companies at special events, public buildings, construction sites and on regular nightly patrols. Not being a security expert this is presumably on the basis that a human can do far more than a security camera. Even the presence of security personnel can act as a deterrent. How much easier is a target when no one with authority is watching? I once worked at a place where the owner strung wire on the edge of their property and hung up wooden boxes that sort of looked like security camera’s from a distance. Presumably this was to scare off the drunken thief on a dark night otherwise this security layer was more of an amusement than real protection.
Effective security for computers and networks works on similar principles. It may not matter how good the security device is that is installed. Neither does it help long term to have a few ‘scarecrows’ so to speak that aren’t alive hung up. (These scarecrows could be physical or electronic). To keep a network secure and free from being compromised requires both an investment in infrastructure and discipline. A recent meeting of the 23 year old Information Security Forum came to the same conclusion. Their findings state that good cyber-threat management is a process versus an expensive electronic gadget. In other words, in the same fashion that regular security patrols identify that the gates are locked, the doors are locked, the windows are secured, the alarm system is turned on etc, a good IT security practice has a similar checklist. To protect electronic assets some of the items to check are:
• Is the antivirus software current on all clients?
• Are the passwords to computers and folders managed in a secure way?
• Has someone recently reviewed who has access to the folders and files on the network?
• Is the Firewall logging Intrusion attempts?
• Is internet traffic to known malicious sites being blocked?
• If malware is installed is the Intrusion Prevention system blocking it from calling ‘home’?
• Are the important hard drives and servers kept under lock and key?
• Are security certificates used to manage remote access?
Keeping a good network management security checklist can serve a number of purposes. It acts as a security patrol to help keep honest people from being tempted. It also locks down the electronic assets from the real bad guys more effectively.
We believe a simple checklist is a great way to ensure there is a process behind whatever security technology is deployed. This tupe of security ‘patrol’ should be conducted at least once per quarter.
Compiling the data from the checklists to produce a scorecard can demonstrate how security has been managed over time.

Written by Darren Boyer

Darren Boyer

Darren Boyer is the founder and president of pcit.

Related Posts: