Why are IT security threats a subject of critical importance to companies?

Very few organisations know what sensitive information is outside their control and what the real risk is.

With the increase of services like email, web access, home working, mobile phones, PDAs, duplicates and many other possibilities, the internal risk that sensitive information will be abused increase. This can be an attack by criminals but also by carelessness of an employee.  Think of the loss of a memory stick or laptop or publishing data on a social site.

Also crime rises when economies fall so recessionary times imply that the threat risk will increase.  The number of malware in 2008 was 800% higher than in 2007...

Until now we protected ourselves by using anti-virus, anti-spam, firewalls and detection systems.  This method is based on control of knowledge gained during historical incidents.

Meanwhile a lot of security breaches appeared in the newspaper because of thefth and other information leaks.  So we can conclude that we need an additional approach to protect our sensitive information.

For security InfraVision has chosen for the products of McAfee. McAfee has a complete focus on ICT security and a wide range of products which belong all to the best in the market.  In addition, the central administration means relatively low deployment and maintainability costs.

But tooling is never the solution on its own.  Infra Vision has a concept to protect sensitive information based on actual risks.  This approach ensures embedded security and guarantees the level of security within the organisation.

InfraVision has the expertise in implementing McAfee's Security Management tools. 

 

Important steps in Security Management initiatives;

1 - Security Risk Management (Awareness) Training:

This training helps CEO’s, CFO’s and Managers to understand where the security threats come from.  Show the current approach and possible security steps to mature the security.

• Is it necessary to improve security?
• Do we any idea about the risks?
• Where are the risks?
• What are the costs when sensitive information is abused?
• What is the impact for organisation and users when security will be improved?
• What are the trends in the area of cyber crime?
• What is the responsibility of IT?
• What is the responsibility of the users?

2 - Security Assessment secures data:

Every organisation has information that should be kept confidential.  But what exactly is that sensitive information?  But who is using it and where it resides is often unclear.  This knowledge is important before a plan to improve your security can be made.
To help you gain insights we use a monitoring system to learn a lot about the use of information within your organisation.  Things like (unsafe) use of email, visits of social networks, but also use of dirty words can be discovered.  As long as you don’t have this knowledge you cannot guarantee the quality of you IT security. Based on the knowledge we are able to build an effective security policy.

Questions that will be answered:

• Where is our sensitive data?
• Which user is using sensitive data?
• Are they allowed to use this sensitive data?
• How many duplicates are stored and where are those copies?
• What is the data that need more security?
• Are users using USB sticks?
• And what is copied on it?
• Do users send information to private email accounts?
• Are the users visiting social sites like Hyves?

3 - Policy definition:

When the sensitive data and data streams are discovered we classify the sensitive documents and define a policy.  This policy is a description of access to information, encryption, classification of information and measures to prevent leakage of sensitive information. Infra Vision Security uses its experience in setting up service organisations in order to define the policy and to fit into your IT service provision.

Questions that will be answered:

• What data should be secured
• What is the security level?
• Who has access to the data?
• What processes should be in place
• What if scenario’s
• What  should be done in case of emergency

4 – Implementation:

When the Policy is defined we implement the policy.  By managing the project in a proper way we are able to increase the security in easy steps with involvement of the organisation and minimal impact on users.

Questions that will be answered:

• What are the steps
• In what time frame
• What processes should be defined
• What are the responsibilities?
• Which tooling is needed?

5 - Technical implementation

InfraVision is certified partner of McAfee. InfraVision delivers implementation support for:

• McAfee ePO (upgrade) installations (management for McAfee which is not restricted to McAfee products)
• McAfee EndPoint Encryption (hard disk encryption and/or file-folder encryption)
• McAfee Device Control (management of use PC ports)
• McAfee Data Leakage Prevention (policies regarding secure data)
• McAfee Secure Memory Sticks

6 – McAfee Licenses:

For security InfraVision has chosen for the products of McAfee.  McAfee has a complete focus on ICT security and a wide range of products which belong all to the best in the market.  In addition, the central administration means relatively low deployment and maintainability costs.