Security Audit

Security Audit Solutions from SECURE COMPUTING®

The Security Audit: What Is Threatening your Network?

No two enterprises have the exact same security requirements. A government installation with sensitive Defense documents, for example, will require a much higher degree of security, encryption, and access control than an enterprise with no sensitive data. Creating an appropriate security infrastructure starts with a security audit.

In particular, Web 2.0 threats have changed the very nature of networking, and responses to threats have had to evolve. A security audit may be in order to evaluate how the threat scenario has changed. According to a Forrester report, "Internet Risk Management in the Web 2.0 World," "most organizations either do not know how effective their policies are or lack effective mechanisms to enforce the policies."

In addition to a generic security audit, regulations such as Sarbanes-Oxley and HIPAA call for very specific security measures; a HIPAA security audit, for example, will focus on ensuring that the enterprise's security system meets the requirements of that mandate. Network security auditing may be conducted by internal IT staff or by an outside security auditing firm. Although there are numerous standard best practices for conducting a security audit, the simplest approach is to use one of the many available security audit software packages. Many of these security audit tools are simple to use and quite effective.

Regardless of your method, start with a security audit checklist and identify all of your assets. In this first stage of the security audit, you merely list all of your technology and information assets. After the assets have been listed, write down every possible threat to each asset. This includes not only cyber-threats, such as infection from viruses or malicious attacks, but also losses or outages from natural disasters, accidental oversight, or policy violations. Assessing possible threats requires a combination of common sense, fortune-telling and reviews of past security problems.

Once all assets have been defined and potential security threats listed, the security audit must then move to a ranking phase, where the relative importance of each threat is ranked. After that, security audits will evaluate any existing controls or potential controls that could be used to mitigate each risk. More often than not, a combination of controls, or a multi-layered security strategy, will be essential in making sure that each threat in the security audit has been addressed.

Finally, existing controls, other controls not yet implemented, and the potential for damage must all be evaluated, and a cost-benefit analysis performed. At this point in the computer security audit, the potential benefit of each solution listed is weighed against the potential damage and the cost of implementation.

Once this phase of the security audit has been completed, the implementation phase calls for the creation of an appropriate security policy that outlines the steps and measures that will be taken to mitigate the risks outlined in the security audit, and for the rollout of new technology.

Secure Computing's multi-layered security strategy is designed to meet multiple threats and attack vectors. Following a security audit, visit Secure Computing's home page at http://www.securecomputing.com to find the best solutions to every possible threat against your network. Download the Forrester report on Web 2.0 threats.

For more information, please download these white papers:

  1. Data Leakage: Four Sources of Abuse, Part 1
  2. Data Leakage: Four Technologies to Protect Content, Part 2

View more white papers here or visit www.securecomputing.com




