Security is an important part of every IT infrastructure. It permeates the network, servers and workstations. But security is difficult for small organizations to manage because:
- the threats aren't clear
- there are more attractive ways to spend money
- you must determine how much risk and inconvenience are acceptable
- most small organizations don't understand their security situation or the costs of improving it

Most small organizations want to plug significant security holes, but they don't want to spend more than necessary. Therefore, we've developed security offerings for small organizations. Before we describe them, we'll define security and risk and describe the security process.
Definitions
Security is a process that maintains an acceptable level of risk.
- The security process involves assessment, protection, detection and response. The process must be repeated because things change.
- An acceptable level of risk is different for every organization because of differing priorities, budgets and preferences.

Risk is the odds an asset will be harmed and the consequences of that harm.
risk = threat * vulnerability * asset value
For example:
| Asset | Asset Value | Threat | Vulnerability | Risk |
|---|---|---|---|---|
| Data on File Server | very high | medium | low | |
| Web Site | medium | medium | medium | medium |
| Data in Desktop PC | low | low | medium | low |
| Data in Laptop | low | medium | high | medium |
Process
The 4 steps in the security process are:
- Assessment: analyze your current security situation
- Protection: put measures in place to reduce risk
- Detection: detect attempted security breaches and assess the damage
- Response: ameliorate the consequences of security breaches
All 4 steps are important, but the first step is the most important because organizations need to understand the risks and costs of reducing them before they can determine how to proceed.
Click here to see descriptions of our security assessment offerings.