Infrastructure
Commentary
9/2/2004
10:18 PM

SmartAdvice: Consider Hardware, Software, And User Education In Securing Your Networks

If you don't have the right skills to secure your networks in-house, run a security audit, then look for outside expertise, The Advisory Council says. Also, boost software quality with a formal application-development methodology.

Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers three questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to smartadvice@tacadvisory.com.


Question A: We don't have the skills to properly secure our network. What factors should we consider in selecting a managed security service provider?

Our advice: Since the consequences of not properly securing your network can be extremely costly to business, it is wise to take network security seriously. Recognizing that you don't have the necessary skills in-house is the first step toward securing the right resources. Ask about network security companies that other businesses had good experiences with. Don't skimp on your pre-qualification research--after all, you'll be entrusting your company's information to them, so you must feel comfortable that the vendor will deliver peace of mind. To minimize your vendor risk, look for a combination of good references, deep experience in securing network systems, and industry-recognized certifications.

Before committing to any system changes, hire a firm that specializes in security audits to make an assessment of your existing conditions. Choose an auditor with deep experience and solid references. Computer security has been a specialty for more than 10 years, so there are plenty of firms available with the expertise you need. For extra assurance, there are a number of reputable security certifications that will ensure that the person at least knows enough about computer security to pass the exams. The Certified Information Systems Security Professional certification is best known for being comprehensive, but there are others.

It's important to think about how much security you actually need. For example, if you're in the health-care industry, HIPAA requirements will mean that you'll need to concentrate on applications security in addition to the standard firewalls and antivirus software. Remember that computer security is a combination of hardware, software, and user education; you'll need to consider all three to create an effective security system. If you need specialized security expertise due to the nature of your industry or business, don't hesitate to confirm that the vendors you're considering have that expertise.


Related Links
Computer Security Institute

SANS Institute

International Information Systems Security Certification Consortium

Once you've completed the audit and determined your real security needs, there are a number of approaches you can take to secure your networks. You can hire an outside firm to manage all of your systems, or use an outside company to manage just your firewalls so you can concentrate on strengthening your internal security. If you're already using a vendor for managing your desktop systems and servers, chances are they'll already have the expertise you need. If not, there are products on the market designed to help businesses secure their systems without the need for a deep knowledge of network security.

In conclusion, select computer security companies on the basis of a combination of security expertise, good customer references, and certifications. Perform a systems audit to determine existing conditions and your security requirements before making radical systems changes. From the audit information, you'll be able to implement an appropriate mix of systems to protect your business against computer-security threats.

-- Beth Cohen
