Secure Your Business! A Blueprint for a Healthy Technology Plan
Presented by:
Robert Cioffi, Director of Technology
rcioffi@pro-comp.com
2009
Copyright © 2009, Robert Cioffi, Progressive Computing Inc.
Installing confidence in your network
www.pro-comp.com
We are Trusted Technology Advisors for small and mid-sized businesses throughout the NYC metro area.
We design, install and maintain Microsoft Windows based networks.
We help customers who are…
Overwhelmed or confused by technology problems.
Frustrated by poor and unresponsive support.
Feeling helpless when faced with new IT challenges.
Secure Your Business: Objectives
Increase Awareness of Threats: What are the potential threats to my financial transactions, intellectual property, customer database, images, etc.?
Understand Protection Strategies: How do I protect my business?
Understand Pressures on IT: What are the dynamic forces affecting IT?
Secure Your Business: IT Mgmt Mistakes
It’s the economy, stupid!
“Companies using their 2009 performance as a guide are more likely to see 2010 as another down year, perhaps even lower than 2008…”
“…unlike past recessions, CIOs report that transaction and storage volumes continue to grow. This means that enterprises have to work smarter by working in new ways than working harder by doing more with less.”
Source: Gartner, The context for 2010 planning will be challenging, June 22, 2009
Pressure leads to Mistakes
IT is a Cost Center
IT is not well understood
Hyper focus on apps
If it ain’t broke, don’t fix it
Secure Your Business: Traditional Threats
Natural Disasters
System Failures
Human Error
Human Outsider
Human Insider Most Dangerous
Most Common
Recent Focus
F.U.D.
Secure Your Business: Threats 2009
Specific threats affecting business…
Phishing Attacks
Spyware
Computer Abuse
Data Leakage (Accidental)
Data Loss (Malicious)
Theft & Loss
Rising Costs & Less Resources
Secure Your Business: Budgets
Data Protection
Power
Threat Mgmt
Access Controls
Asset Protection
Policies & Procedures
Risk Assessment provides clear direction on Resource Expenditures
Secure Your Business: Data Protection
What’s the most important part of your computer system? The Data!
What’s the right way to protect my data?
TRADITIONAL INNOVATIVE HYBRID
Secure Your Business: Data Protection
Data Protection Technologies – 2009/10
Server Virtualization: Reduce cost. Maximize resource utilization. Greater system availability.
Online Backups: Near real-time backup. Versioning and quick recovery. Low operating costs.
Secure Your Business: Power
Rising costs of energy sap business.
Datacenters are running out of power.
Do more with less – Virtualization?
US power: Prone to failure & attack
Costs to build power plants on the rise.
Government regulations making it harder.
Microsoft acquires local power plant for datacenter.
Secure Your Business: Threat Mgmt
Anti-Virus
Anti-Spam
Anti-Spyware
Anti-Phishing
Content Filtering
Intrusion Detection
Firewalls
Prevention Protection Detection Response
Depth in Defense
Secure Your Business: Access Controls
Who Has Access to What?
1. Define resources, and users; what can they access?
2. Force users to enter logon credentials to access resources.
3. Segregate data into logical areas & assign appropriate access.
4. Passwords should be hard to guess & changed periodically.
5. Educate users about dangers of social engineering.
6. Periodically check for and install software patches & updates.
7. Bio-Scan Technology: Hand readers, Retina scanners, etc.
Windows Group Policy is an excellent and powerful tool for implementing centralized Logical Security on your network: desktop lockdown, password policies, application options control, and more.
Secure Your Business: Asset Controls
How do I control & manage assets?
Secure critical components behind locked doors.
Computer rooms should be well ventilated and properly cooled.
Restrict access to sensitive equipment to relevant personnel.
Computer workstations can be secured to walls or furniture.
Laptop users should keep an “eye” on their computer at all times.
Asset management systems help keep track of inventory.
Remote Device Wipe for Windows Mobile 6.x Devices
Windows Vista/7 BitLocker – Encrypt the entire drive
“Homing Pigeon” Software for lost or stolen equipment
Technology Goes Hollywood
Secure Your Business: Policies
Corporate Policies & Procedures
Policies are guidelines for protecting assets.
Should be routinely reviewed and revised.
Good risk assessment will drive good security policies.
Makes expectations of employee behavior & accountability clear.
Examples:
Email & Internet Usage
Email signature disclaimers
Don’t Ask, Don’t Tell Passwords
Dangers:
Policies are platitudes rather than a decision or direction
Too restrictive – people bypass
Secure Your Business!
Q & A