IT Security Definitions
Definitions for some of the most common IT Security words and terms you need to know
Data Loss Prevention
Many firewalls include provisions for Data Loss Prevention (DLP). DLP software is a module that sits on top of the firewall’s operating system and watches the network for unauthorized information leaving the network.
For example, if a disgruntled employee tries to email a list of client credit card numbers to a personal email address, the DLP software will recognize that data and prevent that information from leaving the network.
DLP can be configured to protect ICD codes, credit/debit card numbers, social security numbers, and more.
Data Protection, Disaster Recovery, and Encryption
It is no longer enough just to have an offsite copy of your data and call it a day. Now you must ensure you have access to all the resources you need to restore your business to a fully operational state in the event that a disaster occurs.
Moreover, you must ensure that if those offsite backups are stolen, that the data is encrypted to prevent it from falling into the hands of an unauthorized user.
This ensures that you don’t fall victim to a disaster, or worse, a malicious attack aimed at corrupting or exposing their data.
In order to ensure that your emails don’t end up in the wrong hands, encrypted email solutions ensure that the only person who is able to read an email message is the person who it was intended for.
With the popularity of text messaging ever on the rise, the need for secure communication between mobile devices is rising.
The same privacy threats to messages sent via email apply to text messages as well. In order to combat those threats, you can turn to encrypted texting solutions that provide a similar experience to encrypted email by ensuring that the only person able to read the message is the intended party.
Many people, including some IT professionals, think that firewall installation is a “set it and forget it” procedure. They believe that once the firewall is in place on the network, they don’t need to do any further configuration. This is a dangerous misconception.
In order to provide the maximum amount of protection possible, a firewall must be configured properly for the network and steps must be taken to ensure that unneeded services, ports, and protocols are blocked at the network perimeter.
Additional hardening steps can also be taken as a precaution, such as blocking all traffic from certain IP addresses, networks, or even geographical regions.
Information Security Policy and Compliance Management
Creating an Information Security Policy can be a daunting prospect. In most cases, many users do not have the experience and/or knowledge necessary to create an Information Security Policy that will protect them and meet their regulatory requirements.
Managed Anti-Virus and Anti-Malware Software
In an organization with 20 or more workstations, keeping anti-malware software up-to-date can be a daunting task. Managed anti-virus and anti-malware software allows IT companies to deploy these applications from a central console and keep all associated workstations updated as a cohesive unit.
Most managed implementations allow you to utilize a central virus response system or quarantine that allows you to intervene automatically if and when a suspicious file is detected, cutting down on service calls and the amount of hands-on time to repair malware issues.
Managed Data Encryption
It isn’t uncommon to hear that a data breach was precipitated by the theft of a laptop or mobile device that contained confidential or proprietary data. Managed Data Encryption is an essential tool for combating these types of accidental data disclosure.
Managed Data Encryption products allow you to secure and manage your sensitive data from a centralized location, eliminating the need for per-workstation configuration that could open the door to errors in configuration or maintenance.
Many compliance standards have a requirement for the regulated entity to monitor for new security patches and apply these patches as soon as possible. A patch management system allows you to specify how and when these installations occur. In many cases, a patch management system can significantly cut down on the amount of hands-on time required to bring servers and workstations up-to-date and into compliance with regulatory requirements.
Many compliance standards require a quarterly risk assessment to identify any issues that may be present in the information security infrastructure. By performing regular risk assessments, you can often catch small problems before they become big problems.
Even if you aren’t required by regulations to have a regular risk assessment, it is a very good idea for every company with a network to have a risk assessment performed annually. This will help identify potential problem areas that should be addressed before a data loss incident occurs.
Security Information and Event Management (SIEM)
A SIEM system allows you to take event data from multiple sources, like servers, PCs, firewalls, and routers, and collect and collate all that information in one place. This centralized reporting allows you to spot trends easier and see patterns that might be out of the ordinary.
By centralizing the storage and analysis of logs, a SIEM provides almost real-time insight into the network and allows security personnel to take action against detected threats more quickly.
A SIEM can also assist in forensic analysis of a data breach or security event after it occurs.
Training (Administrator and User)
Training is critical to maintaining a secure computing environment. Without training, users may compromise data through ignorance of an established policy or procedure, or fail to notify the appropriate personnel of a suspected or confirmed breach.
Administrator training helps prepare the local administrator to deal with the most common security related issues that may arise on a day to day basis, while user training is focused on security best practices including basic information security and strong password selection.
Unsolicited Commercial Email (SPAM) Protection
Unsolicited commercial email, or spam, is responsible for countless dollars in productivity lost and hundreds of hours of wasted time. UCE Protection systems help to filter out the unwanted mail while ensuring that the messages you need to receive are delivered to you for your review.
UCE Protection systems also help to reduce the threat of viruses and other malware making their way into your networks through email attachments and malicious links.
Vulnerability scanning can come in several forms. Some scans are focused on the network perimeter and are designed to ensure that your routers and firewalls are configured correctly to block unauthorized traffic. Other vulnerability scans are focused on applications and operating systems and are designed to seek out unpatched bugs that may allow intruders access to your systems.
A good vulnerability scanning suite will provide a robust mixture of various types of scans and provide a detailed analysis of your overall information security health.
Web filtering is essential as a first line of defense against malware intrusion. A good web filtering application will block known malicious sites and prevent end users from accessing those sites before harmful content can be downloaded to the workstation. Additionally, web filtering can assist in maintaining a productive workforce by eliminating sites that are not aligned with the business and its goals.