Volume 3 Issue 1
How secure is your IT infrastructure and what you can do to keep it secure and backed up?…….
|Inside this issue:|
If you are like most
businesses with 50 to 200 employees your organization’s IT infrastructure
has probably evolved drastically from when it was first implemented. How
confident are you that the security for your information systems has evolved
also. Most companies today treat security as one of those tasks that HAVE to
be done to satisfy a GAP (General Accounting Practice) requirement rather than
a real threat that should be reviewed, analyzed and updated on a regular
basis. Unfortunately there are BILLIONS of dollars lost each year due to these
attacks with an average cost of $30,000.00 per security breech. Here are some
questions you should be able to answer as you begin controlling your IT
What do you have and how it is used?
What databases or other stores of information are available to your employees, clients or vendors? Which systems hold what information? Have you moved to an Internet access process but left the dial up access lines in place? What type of firewall protection do you have? When was the last time you or your IT team checked the web sites or newsletters of the packaged software applications you own to review if there have been security breaches found in these applications and patches developed and distributed?
Do you have access restrictions?
All the major database applications and operating systems allow for tiered authority and capability. You do not want to assign the same user password and capability to an entry-level clerk as you would to a senior executive or IT professional. Thoroughly review what tools are required for each job description and give the employee only the capability needed. When an employee leaves, part of the exit process should include the removal of their user name and password from the systems they had access to. On a regular basis review all your systems to ensure that only existing authorized personnel have access.
you monitor users usage and access?
What files do your users access? How long are they on for? What times do they access the system? Do they access the system from outside your locations? You can begin to develop a benchmark to determine the average usage and scan for aberrations. What do you do if there are exceptions? What ever you need to do should be agreed upon by all departments and written in the company procedure manual.
How is your data backed up?
Many companies ignore this problem until it is too late. Backups should consist of a complete (every file on the system and the operating system) backup weekly and a partial (any files added or modified since the last complete backup ) . The second most current set of full backup files should be stored off site in a safe or fireproof vault. As part of your security audit take a look around and see if any department has added a LAN or intranet that does not belong to your back up process.
By working to answer the above questions you will either find some holes that need to be filled in your IT security or you may find that you are in pretty good shape. If the latter is the case congratulations but do not let down your guard. As a security expert from ATT once said “Its not what do I do if I get hit, but what do I do when I get hit”.
For more information on computer security you can go to www.gocsi.com for the Computer Security Institute.
Telecom Trade Shows:
North American Numbering Plan Association
California Public Utilities Commission
RBOC standards and Documents
CDR-Data Corporation adds Verizon wireless to its list of hundreds of call record formats! If you wish to have a combined report that shows all your wireline and wireless traffic please call us at 626.791.9700.