Pass through IT security scanning
Does information really matter? I'm sure the answer is YES! Then I'm sure
you will ask a professional IT security auditor to make sure your data is
accessible only to authorized persons, is managed in a proper way, and that the
possibility of information leakage is minimized.
Since information is the most valuable resource of the company, it's
obvious that when we talk about auditing security, we should focus on the IT
security audit. Getting information about the security procedures in your IT
department is critical to your business.
Are there any common IT security issues that we should pay attention to? An IT
security auditor should check that the information you are using is securely
kept and managed.
Keeping information secure is not a kind of art
There are some major issues your admin should remember.
- First, keep data in a secure place, such as an encrypted hard disk.
- Second, make sure only authorized persons can access certain information.
- Third, make sure it's not possible for an intruder to get your data.
To audit the backup process, it's enough to emulate a system crash.
How long will it take to recover the whole system? Will all the data be
recovered? What data will be lost? Once the auditor has these data, it's
necessary to compare them against what is common in the industry, e.g.
benchmark your backup process metrics against your colleagues'.
Can only authorized persons manage your data?
What about checking that only authorized persons can access sensitive data?
It's harder than checking the backup. The thing you should start with is making
sure that the authorized administrator has a clear structure of who has access
to the sensitive data. There might be levels of access, but the whole system
must be described clearly. This is the key part of secure authorization and
information sharing.
The most important question: how do your people manage secure information? Is
there a chance of copying secure information, i.e. possible information leakage?
Are there persons who are unaware of the security measures that are used
within the company? Do users follow an appropriate password policy?
What an IT security auditor should check
There are many more questions about possible security leaks and the
must-scan issues. How do you know what a security expert should scan? Well, it
depends on how a potential intruder can get your data. It's necessary to use a
file shredder (better if it runs in background mode) to make sure it's not
possible to recover data.
How do you check if users are managing files in a proper way? Try to find
possible breaks in security. For instance, someone may keep files not in the
document management system, which is protected with strong encryption, but on
a local hard disk, protecting them with an easy-to-crack password.
Can people at your company use flash drives?
It's very dangerous, as it would be easy to copy the sensitive data and take
it out of the company, but then again, some businesses really require
information to be copied to flash drives. What is the solution? Try to monitor
the actual information that is copied to these drives. For instance, if a user
copies password-protected files, then it might be a possible security issue.
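
One way an auditor could look for password-protected files on a local disk or a mounted flash drive, as an added example (not part of the original article and not the code of any product it mentions). The names `protection_reason`, `scan` and `approved` are hypothetical, and the checks are heuristics based on the ZIP encryption flag, the `EncryptedPackage` stream of encrypted Office documents and the `/Encrypt` entry of PDF files.

```python
import io
import os
import sys
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"        # OLE compound file signature
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")    # stream name in encrypted OOXML
SAMPLE_PDF = b"%PDF-1.7\ntrailer << /Encrypt 5 0 R >>"  # constructed sample, not a real file

def protection_reason(data):
    """Return why `data` looks password protected, or None. Heuristic only."""
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Bit 0 of the general-purpose flag marks an encrypted member.
                if any(info.flag_bits & 0x1 for info in zf.infolist()):
                    return "zip: encrypted member"
        except zipfile.BadZipFile:
            return None
    elif data.startswith(OLE_MAGIC) and ENC_STREAM in data:
        return "office: EncryptedPackage stream"
    elif data.startswith(b"%PDF-") and b"/Encrypt" in data:
        return "pdf: /Encrypt dictionary"
    return None

def scan(root, approved=()):
    """List (path, reason) for protected files under `root` outside `approved` dirs."""
    approved = tuple(os.path.abspath(a) + os.sep for a in approved)
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.abspath(os.path.join(folder, name))
            if path.startswith(approved):
                continue                      # e.g. the document management store
            try:
                with open(path, "rb") as fh:  # whole file: ZIP directory sits at the end
                    reason = protection_reason(fh.read())
            except OSError:
                continue                      # unreadable file: skip, do not abort the audit
            if reason:
                findings.append((path, reason))
    return sorted(findings)

if __name__ == "__main__":
    print("constructed sample ->", protection_reason(SAMPLE_PDF))
    for path, reason in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(reason, path, sep="\t")
```

A hit is a prompt for review rather than proof of a policy breach, and legacy binary Office encryption is not covered by these checks.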
Checking the passwords is another task. A short or known password will not
work. Make sure there is a password policy which tells what passwords are
good and why. Make sure people follow this policy.
Find Protected is a utility to enforce a Password Security policy
Find Protected allows you to detect incidents when someone breaks the Password
Security Policy.
- Prevent use of password protection for non-sensitive documents
- Prevent information leakage when someone keeps a sensitive file in a
non-secure location
- Prevent inappropriate use of password protection (for example, password
protection of personal files)
You can now download an evaluation version of the Show Hidden Files program.
Visit the Ordering page to obtain more information about pricing.
Visit the Support page to ask questions about Show Hidden Files.