Tuesday, February 03, 2009

Managed Security Services

Leading firms are taking a proactive approach to security and using managed security services to reduce their IT related risks. Managed security services typically provide traditional forms of security protection:
  • Network Infrastructure - Physical access to servers, system backups with off-site rotation, encrypting the backup media, and protecting wireless networks.
    Internet Connectivity - protection can include firewalls & Virtual Privacy Network (VPN), intrusion detection and prevention, and remote connectivity.
  • Management - incident response plans, patch management, and change management processes.
  • Employee Management - policies and procedures, passwords, protection against social engineering, locking down USB thumb drives, handheld PDA's, encrypting laptop hard drives, etc.
  • Document Management - protection includes access privileges, document retention and archiving, encryption, etc.
  • Electronic threats - protection from anti-virus, anti-spyware, anti-popup, etc.
  • E-mail & Communications - anti-spam, e-mail archiving, instant messaging (IM), and archiving.
  • Risk Management - risk evaluation, business continuity planning, testing, etc.
While managed security services provide the initial layers of protection against IT related threats, they should be supplemented with security assessments and audits. Assessments and audits help ensure the organization's security expenditures are properly allocated to the most important areas. In addition, assessments and audits help protect the organization's intellectual property and its image and reputation.

Labels: , ,