2 Replies. Last post: Jan 19, 2010 10:55 AM by Kevin Beaver
61 posts since
Apr 4, 2009

What information can keep us up-to-date in the IT department and prepared for the future?

Creation Date: Jan 13, 2010 11:57 AM | Modification Date: Jan 13, 2010 11:57 AM

It's pretty clear what we need to do as far as general IT goes for our new business (Internet connection, server, laptops, etc.). What other things related to IT do we need to be aware of that may catch us off guard in the future?



50 posts since
Jul 9, 2009

Expert Answer

The big gotcha that takes a lot of business owners by surprise is information security - or lack thereof. Many assume that a firewall and anti-virus are all that's needed to run a safe and secure business but that's simply not true. There are so many other issues such as the security vulnerabilities related to mobile devices (laptops, smartphones, external hard drives, USB storage devices, etc.), your Web/Internet-facing systems (marketing site, e-commerce application, file uploading/downloading capabilities, remote access, etc.), your server management (patching, system hardening, passwords, backups, etc.), and your overall IT operations including security policies that outline what's expected of everyone as well as your security plans that outline the steps to take in the event of a security breach or disaster.

 

Of course, all of this will be of limited value if you don't have your users and the entire management team on board with security and privacy and the general responsibility of minimizing business risks in this area. Beyond the essentials, you need to have someone (internal or an outside consultant) who's aware of all the compliance regulations affecting your business such as PCI DSS, GLBA, HIPAA and the HITECH Act, and all the state breach notification laws.

 

Whew, no one said running a small business was easy but this stuff can be done if you approach it in the right way and don't go overboard with expensive - and often unnecessary - controls that the vendors will undoubtedly push on you.

Kevin Beaver

Kevin Beaver is an independent information security consultant, speaker, and expert witness with Atlanta-based Principle Logic. A Certified Information Systems Security Professional, he has more than 20 years' experience in the industry and specializes in performing independent information security assessments revolving around compliance and information risk management. Kevin has authored/co-authored seven books on information security, including "Hacking For Dummies" and "Hacking Wireless Networks For Dummies." He's also the creator of the Security On Wheels information security audio books and blog, which provide security learning for IT professionals on the go. Check out Kevin's security blog or follow him on Twitter.



50 posts since
Jul 9, 2009

Expert Answer

One more thing - a great way to keep up with all of this is to read the prominent trade rags like Information Week, InfoWorld, and CSO...even following some of the information security blogs and Twitter accounts will do wonders. Here are two of my resources to get you started:

 

http://securityonwheels.com/blog

 

http://twitter.com/kevinbeaver

Kevin Beaver
