Security strategy - do you audit it?

Security_Mar17_ASecurity of a business’s systems and networks should be important to many business owners and managers. In fact, an increasing number of companies are implementing security strategies. While these strategies do keep businesses secure, there is one critical element that could cause plans to fail, leading to an increased chance of a breach of security: The audit.

Auditing and the security security strategy

Auditing your company’s security is important, the only problem business owners run across is where and what they should be auditing. The easiest way to do this is to first look at the common elements of developing security strategies.

These elements are: assess, assign, audit. When you develop a plan, or work with an IT partner to develop one, you follow the three steps above, and it may be obvious at the end. In truth however, you should be auditing at each stage of the plan. That means you first need to know what goes on in each stage.

During the assessment phase you or your IT partner will need to look at the existing security you have in place. This includes on every computer and server and also focuses on who has access to what, and what programs are being used. Doing an assessment should give you an overview of how secure your business currently is, along with any weak points that need to be improved.

The assignment phase looks at actually carrying out the changes you identified in the assessment phase. This could include adding improved security measures, deleting unused programs or even updating systems for improved security. The main goal in this phase is to ensure that your systems and networks are secure.

Auditing happens after the changes have been made and aims to ensure that your systems are actually secure and have been implemented properly. Throughout the process you will actually need to continually audit and adjust your strategy.

What exactly should be audited?

When conducting an audit, there are three factors you should focus on:

  1. The state of your security - Changing or introducing a security plan usually begins with an audit of sorts. In order to do this however, you need to know about how your security has changed in between audits. Tracking this state and how it changed in between audits allows you to more efficiently audit how your system is working now and to also implement changes easier. If you don’t know how the state of your security has changed in between audits, you could risk implementing ineffective security measures or leaving older solutions open to risk.
  2. The changes made - Auditing the state of your security is important, but you should also be auditing the changes made to your systems. For example, if a new program is installed, or a new firewall is implemented, you will need to audit how well it is working before you can deem your security plan to be fully implemented. Basically, you are looking for any changes made to your system that could influence security while you are implementing a new system. If by auditing at this point, you find that security has been compromised, you will need to go back to the first step and assess why before moving forward.
  3. Who has access to what - There is a good chance that every system you have will not need to be accessed by every employee. It would be a good idea that once a security solution is in place, that you audit who has access to what systems and how often they use them. This stage of the process needs to be proactive and constantly carried out. if you find that access changes or system access needs change, it would be a good idea to adapt your the security strategy; starting with the first stage.

If you are looking for help developing a security strategy for your business, contact us today to see how our managed solutions can help.

Published with permission from TechAdvisory.org. Source.



Windows - creating keyboard shortcuts

Windows_Mar10_AWindows is the most popular operating system in use today, with many businesses relying on it as their main system. Windows, along with the apps and programs used with it can sometimes be time consuming to navigate or even find, especially if you have a large number of icons on your desktop. In an effort to make things quicker, many programs use keyboard shortcuts but, did you know that you can use keyboard shortcuts to open programs on your desktop?

Read more...



Business blogging - 7 Tips!

BusinessValue_Mar03_AThere are many ways businesses can improve not only their value but how they connect with their customers. Sure, having a website is a great step, as is having a social media presence, but you need to produce quality content to post on your site or profiles in order to get people to keep coming back. One of the best ways to do this is with blogging.

Read more...



5 tips to creating an effective DRP

BCP_Marc17_AA business without a DRP (Disaster Recovery Plan) is like a circus acrobat without a safety net. The question is, are you willing to take that kind of a risk with your business? Considering how attacks to your business can come in many forms be it cyber, natural disaster or man made (among many others), it makes perfect sense to have an effective DRP in place.

Read more...



New guidelines for Facebook promotions

Facebook_Mar10_AAnyone who has used Facebook for any period of time is likely to know that the company is constantly making changes to the platform. One week they are introducing a new update to their mobile app, the next they are changing how we view posts and so on. Many of these changes are made to policies regarding use. Over the past few months Facebook has changed the Pages policy for businesses. These changes are something any business using Facebook for promotion needs to know about.

Read more...



cartoon