Your Security Policy is the Foundation of Your Defense System.

Understanding the threats to your system is the gateway to the creation of a security policy that represents a truly professional set of tools.

To achieve a solid platform for your analysis, you can search the Internet for reports of actual attacks on similar systems and enlist professional assistance.

  • All data should be safeguarded to a degree that reflects the value they represent. This value will depend on the consequences of a security event.
  • Enumerate everything that could possibly go wrong, whether through an accidental event or caused by carelessness or malicious intent.
  • Re-evaluate the defense methods that are already established and consider what else might be needed.

    Passwords, encryption, redundancy, backups, firewalls, and pin codes may all work for you; it all depends on how these measures are implemented and maintained.

If you do not feel totally confident about this procedure, you should probably consult a professional.

If intrusion prevention, detection, and assessment are words with little meaning to you, you should definitely talk to a professional.

How Much Security is Adequate Security?

Appropriate security is very much about assessing an appropriate level of defense. This is where a cost-benefit analysis becomes a useful tool.

Estimate the maximum loss as the sum of: lost income due to the missing information, the cost of restoring or reacquiring the information, and the consequences of publicizing or revealing confidential data.

Assessing Probability of Loss Scenarios.

Some events are logically more likely to happen than others, and some data will be more or less exposed to perpetrators.
If you choose to transmit unencrypted confidential information over an unsecured channel like regular e-mail or telephone, the probability of interception is very high. Had those data, on the other hand, been encrypted with an advanced algorithm, the probability that the interceptors would break the encryption could be close to zero.

Cost-Benefit Analysis on Optional Security Measures.

With the result of the previous steps converted to a dollar value, you can answer the question: How much security is adequate security?

It is perfectly acceptable to ‘pick the low-hanging fruit’: give the most obvious problems first priority. Eliminating the root of the problems will strengthen the system as you continue to work on one issue after another.
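The three steps above (maximum loss, probability of loss, cost versus benefit of each optional measure) worked through as an added example that is not part of the original page. All scenario names, dollar amounts, probabilities and measure costs are constructed for illustration, and expressing probability per year is an assumption.

```python
from dataclasses import dataclass

@dataclass
class Scenario:
    name: str
    lost_income: float       # income lost while the information is missing
    restore_cost: float      # cost of restoring or reacquiring it
    disclosure_cost: float   # consequences of confidential data being revealed
    probability: float       # estimated chance of the loss per year (assumption)

    def max_loss(self) -> float:
        return self.lost_income + self.restore_cost + self.disclosure_cost

@dataclass
class Measure:
    name: str
    scenario: str                # name of the scenario it protects against
    annual_cost: float
    residual_probability: float  # estimated chance of the loss once it is in place

# Constructed sample figures, not taken from the page.
SCENARIOS = [
    Scenario("intercepted e-mail", 10_000, 5_000, 85_000, 0.5),
    Scenario("destroyed file server", 30_000, 20_000, 0, 0.1),
]
MEASURES = [
    Measure("redundant server", "destroyed file server", 8_000, 0.02),
    Measure("encrypt e-mail", "intercepted e-mail", 2_000, 0.01),
]

def rank_measures(scenarios, measures):
    """Return (measure, net yearly benefit) pairs, best first."""
    by_name = {s.name: s for s in scenarios}
    ranked = []
    for m in measures:
        s = by_name[m.scenario]
        # Expected loss avoided = maximum loss x drop in probability.
        avoided = s.max_loss() * (s.probability - m.residual_probability)
        ranked.append((m.name, round(avoided - m.annual_cost, 2)))
    return sorted(ranked, key=lambda pair: pair[1], reverse=True)

if __name__ == "__main__":
    for name, net in rank_measures(SCENARIOS, MEASURES):
        verdict = "worth it" if net > 0 else "costs more than it saves"
        print(f"{name}: net {net:+,.0f} per year ({verdict})")
```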

Security is an ongoing process. The sooner you start it, the better your protection.

 

Common misperceptions about IT security:

  • You may not think your data have any market value, but imagine what it would cost you if you had to restore everything?
    Or what if your system was rendered useless due to a destructive attack?
  • (Sorry!) A 100 % bulletproof system does not exist. Besides, even the most sophisticated technology needs to be properly configured, monitored, and updated on a regular basis.
  • Your computer can be infected through any media you connect to: networks, cellphones, flash drives, cameras, players, CDs, DVDs, etc.
  • The most obvious time to intercept confidential data is during transmission.
  • Unfortunately, any non-trivial system includes an unaccounted-for number of bugs and vulnerabilities.
  • It may be carelessness, plain stupidity, or malicious intent, but employees remain among the most common suppliers of information to hackers.
  • All known statistics show that you are probably wrong; in fact, you may be under attack right now. Besides, statistics only account for cases where the attack was detected and reported.
  • Spending a little effort up front anticipating security issues will save a lot of cost later on, when you have to fix the security problems.