SmartAdvice: Consider Hardware, Software, And User Education In Securing Your Networks - InformationWeek

If you don't have the right skills to secure your networks in-house, run a security audit, then look for outside expertise, The Advisory Council says. Also, boost software quality with a formal application-development methodology.

Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers three questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to

Question A: We don't have the skills to properly secure our network. What factors should we consider in selecting a managed security service provider?

Our advice: Since the consequences of not properly securing your network can be extremely costly to business, it is wise to take network security seriously. Recognizing that you don't have the necessary skills in-house is the first step toward securing the right resources. Ask about network security companies that other businesses had good experiences with. Don't skimp on your pre-qualification research--after all, you'll be entrusting your company's information to them, so you must feel comfortable that the vendor will deliver peace of mind. To minimize your vendor risk, look for a combination of good references, deep experience in securing network systems, and industry-recognized certifications.

Before committing to any system changes, hire a firm that specializes in security audits to make an assessment of your existing conditions. Choose an auditor with deep experience and solid references. Computer security has been a specialty for more than 10 years, so there are plenty of firms available with the expertise you need. For extra assurance, there are a number of reputable security certifications that will ensure that the person at least knows enough about computer security to pass the exams. The Certified Information Systems Security Professional certification is best known for being comprehensive, but there are others.

It's important to think about how much security you actually need. For example, if you're in the health-care industry, HIPAA requirements will mean that you'll need to concentrate on applications security in addition to the standard firewalls and antivirus software. Remember that computer security is a combination of hardware, software, and user education; you'll need to consider all three to create an effective security system. If you need specialized security expertise due to the nature of your industry or business, don't hesitate to confirm that the vendors you're considering have that expertise.

Related Links: Computer Security Institute; SANS Institute; International Information Systems Security Certification Consortium
Once you've completed the audit and determined your real security needs, there are a number of approaches you can take to secure your networks. You can hire an outside firm to manage all of your systems, or use an outside company to manage just your firewalls so you can concentrate on strengthening your internal security. If you're already using a vendor for managing your desktop systems and servers, chances are they'll already have the expertise you need. If not, there are products on the market designed to help businesses secure their systems without the need for a deep knowledge of network security.

In conclusion, select computer security companies on the basis of a combination of security expertise, good customer references, and certifications. Perform a systems audit to determine existing conditions and your security requirements before making radical systems changes. From the audit information, you'll be able to implement an appropriate mix of systems to protect your business against computer-security threats.

-- Beth Cohen
