IT Security Risk Management

Using technology is a joy for most people. You can do so much with technology which was simply not possible decades ago. In many cases, the more you use technology, the more you want to use technology. You learn about different ways in which you can get things done, or you start to desire something, and you are not sure as to how to get it through technology. This is when you might want to call on IT support.

The first thing any IT support will do when providing you with assistance is to give you an assessment. There are a few different ways in which you might be assessed by these professionals. You may get an assessment which involves answering a lot of questions about your system. You will undoubtedly be asked what it is that you would like to do with your system. You will then have to give the IT support access to your system so that they can decide what advice to give you about what you want to do and how you want to do it.

When IT support asks you about your system, it is possible that they will ask you technical questions. It is more likely that they will ask you about the problems that you are encountering and want resolved. In these cases, they will ask what you are doing that is causing the problems, or whether the issues are general to the system. This will provide a base from which they can build.

Confirmation of whether trojans, worms, viruses, or spyware already exist on the office servers. These threats are very damaging: they can infect your network and possibly spread via e-mail, FTP, and shared network drives. They can also be carried in on portable hard disks, USB thumb drives, DVDs, and CDs brought by office personnel.

Confirmation of whether there is a firewall. Firewalls provide more flexibility and room for capacity expansion in the network design. If there is a business requirement to have Internet-facing servers, a firewall allows the creation of a separate network segment to house these servers while at the same time providing network security.

Assurance that there are no weak points in the network, e.g., a modem connected to the servers and PCs. This can be a backdoor for intruders to penetrate the office network.

Other security controls, such as confirming whether the wireless network is encrypted, whether unnecessary services are running on the servers, whether only authorized personnel have access to critical data (not everyone!), and whether non-business software, which may carry viruses, is installed.

Existence of a Security Policy

The responsible IT personnel can then provide more information on the state of IT security in the offices. Further, they can provide a more detailed proposal on whether additional or reconfigured servers, applications, and equipment such as UPS, gen-set, and fire suppression systems are needed to better support the business.

A more detailed study can review whether the existing servers and storage systems are capable of supporting the current business requirements and future expansion.

This is my view of a Security Assessment based on my experience of setting up IT strategies of merging companies. Of course, there will be a lot to review once the on-site audit/assessment is carried out. An IT Auditor/Security Consultant can then provide a more precise recommendation on the most feasible plan for the merger.