10 Controls for Enterprise Security


Today's modern company infrastructure has evolved over the years; the best teams in the middle of 1940 could not even have known what the mainframe would be a few years later. Now we have computers with high-quality processing, large amounts of disk space and speed, all readily available. We have seen changes in the mainframe of the fire spread and distribution network businesses. All this development is great because it facilitates the conduct of business, but it has also led to many security issues for companies. This article examines 10 security controls that a company can adopt in order to reduce the impact of infrastructure security issues.

1. Adopt a holistic approach to enterprise security. Successful security requires good planning and a comprehensive security strategy that takes into account the whole organization, its processes and its people. Many companies turn to expensive technical solutions in response to security breaches.

2. Develop an enterprise security program / policy. Organizations need to develop security programs that define roles, policies, procedures, standards and guidelines for security.

Roles: who is responsible for what; for example, the Chief Information Security Officer (ISO) may be responsible for the security of the organization.

Policies: these are general organization-wide statements that set binding standards in order to ensure a minimum level of security. Some examples: e-mail acceptable use policy, Internet use policies, policies for mobile devices, etc.

Rules: these describe the steps and processes needed to meet specific needs. For example, a requirement that all electronic communications be encrypted.

3. Risk management: take a risk-based approach. Risk management is a continuous process of risk identification, risk assessment and measures to reduce risks to an acceptable level.
It requires the organization to identify what it has to secure; this could include human resources, technology, trade secrets, patents, copyrights, etc. Next, identify all potential hazards that could impact the confidentiality, integrity and availability of these. The board can now decide what to do with the identified risks: a risk can be minimized or transferred to a third party, such as an insurance company.

4. Streamline business processes: start with best practices. Beyond technology, companies need to create and use best practices and processes to optimize IT services. A number of internationally recognized frameworks have been developed to describe processes for the effective management of IT infrastructure, so there is no need to reinvent the wheel. Some examples: COBIT – Control Objectives for Information and Related Technology {1}, ITIL – Information Technology Infrastructure Library {2} and ISO 27001 {3}.

5. Streamline physical / environmental security. The security of the company's physical environment is important to its information and ICT infrastructure. Physical security should cover:

- Surveillance and detection, for example security guards, alarms, closed-circuit television.
- Access control and deterrent systems, for example fencing, lighting, locks, biometrics, etc.
- Environmental monitoring and design: server room temperature, humidity, air conditioning, static electricity, fire and emergency.

All of these elements should be well optimized.

6. Implement content filtering / control solutions. As content (Internet, e-mail traffic, etc.) enters and leaves the company, it must be well managed to avoid security breaches and attacks.
The controls can include:

- Web filtering: applying Internet policies through content filtering, application blocking and best-of-breed protection against spyware.
- Spam filter / firewall: protects your e-mail against attacks, spam, viruses, spoofing, phishing and spyware.
- Unified Threat Management (UTM): an organization may decide on a UTM solution, which offers many advanced features in one package, including intrusion prevention, antivirus, antispam, Web filtering, firewall, SSL-VPN, traffic shaping and more.

7. Manage the corporate network. With the increase in security breaches coming from within the company's own ranks, it is very important to manage the corporate network. Some measures are:

- A list of all approved and unauthorized programs and devices on the network.
- Maintenance, monitoring and evaluation; continuous analysis of vulnerabilities, documentation, patch management and remediation.
- Reduction and control of network ports, protocols and services.

8. Check identity and rights management. Identity management and rights management are crucial to preventing identity and rights violations in the system. This means implementing identity management policies and systems that cover changes of users and permissions, the removal of duties, and password changes. The use of administrator privileges also needs to be controlled. Advertising is based on the know-based? For example, if all members of the organization will receive a base salary?

9. Focus on Data Loss Prevention (DLP). Data loss prevention secures data whether it is mobile or stationary. With the advent of mobile devices and memory cards with plenty of space, it is very simple to copy a great deal of company information to such media within seconds. I’ve heard stories of disgruntled employees selling their databases of customers to competitors.
Data Loss Prevention (DLP) tools help to prevent inadvertent disclosure, and include connection controls and encryption (both hard drive and media encryption). Also, what about the hard drives around the organization that contain confidential information? What about documents? I bet you can catch a lot of information about business processes just by diving in containers (a few investigative journalists are said to have obtained information this way, “Spy”). There’s no excuse for an organization not to destroy important documents in paper form, given all the shredders on the market; some can also destroy CDs and plastic media.

10. Not alone. The need to secure information grows every day; unfortunately, many companies do not consider it important until a breach has happened. The direct costs of not being proactive about security can include the cost of recovering data lost or damaged in an incident, the cost of notifying customers of breaches, and penalties for non-compliance; the indirect costs include lost customers, lost productivity during the investigation / resolution of breaches, fraud, and many others. It is therefore important to seek outside help, or an outside consultant, where necessary. Such help can include:

- IT penetration testing, also known as “ethical hacking”, of your own infrastructure.
- Security training of personnel, audits, etc.

It is important to remember that enterprise security is not a one-off event but a continuous process that requires resources, constant vigilance and the support of management, because threats to information systems grow and change daily.

References: 1 itgovernance 2 http://www.27000.org itlibrary.org third