IT Security Assessment

An IT Security Assessment is a great way to take an inventory of your IT security needs. Whether you must comply with regulatory requirements, including HIPAA and PCI, or are concerned about your IT security, consider an IT Security Assessment as a starting point to see how your company is protected today. If you perform an IT Security Self Assessment, the Computer Technology Industry Association (CompTIA) recommends you ask yourself some of the following questions:

Data Types and Storage

Do you store Private Health Information (e.g. HR records)? If so, how many records?
Do you store Personal Financial Information (e.g. SSN, date of birth, account information, banking information)? How many records?
Do you store credit card data? How many records?
What is the nature of your confidential intellectual property?
Where do you do business – state, national, international?
Where are backup devices (tapes, drives) stored? In a secured area?

Company Information

What is your tolerance for downtime (for the most critical applications)?
Do you carry breach insurance?
Do you carry liability insurance?
Have you had a breach in the past three years? If so, what were the consequences?

Security Processes

Do you have written security policies and procedures?
Do you perform internal audits? How often?
Do you perform external audits? How often?
Do you perform vulnerability checks? How often?
Do you regularly review policies and procedures?
Do you have an incident response plan?
Do you have employees working from home?
Do you have encrypted hard drives? Removable media?
Do you control and log privileged access?
Do you have a mobile device strategy?

These...

Bring Your Own Device (BYOD)

Bring your own device (BYOD) is a recent trend where employees use their personal mobile devices, including iPhones, iPads, tablet computers and smartphones, to access company information including your network, email, files and critical business applications. This policy can make your employees more productive. BYOD may save you the expense of buying mobile devices for your employees. However, if not managed appropriately, BYOD may open up security risks in your data protection strategy. Due to their mobile nature, these devices are susceptible to theft and loss. Also, mobile devices may infect your network with viruses and malware if they are not properly maintained. Here are some tips to minimize your exposure when employees bring their own devices:

Require Passcode to Unlock Device

Requiring a passcode will prevent unintended access to your network or application data in case a user’s mobile device is lost or stolen.

Keep OS/apps Up To Date

To avoid virus and malware attacks on your mobile devices, it is a good policy to keep the operating system up to date with the latest security patches. It is also a good idea to keep your applications up to date to avoid a network security breach.

Don’t Allow “Jailbreaking” of Operating Systems

Some employees may “jailbreak” their iPhones or iPads so they can install additional applications and extensions that may not be available through the Apple Store. Jailbreaking may expose these devices to security breaches, creating a weak link in your data protection plan.

Services for Tracking and Wiping

Most mobile devices will automatically check in to their geo-location when they are turned on....