Smart SoHo: Looking For Trouble

Posted on 01-07-2008

Think you've secured your office well? Time to put your money where your mouth is


Nimish Chandiramani

If you’ve been following these pages closely (and we hope you have), you’ll have noticed that we’ve talked a lot about security—it’s a huge concern for any organisation, and it’s something that requires constant attention. If you’ve been taking our advice, then you ought to have an effective security solution in place for your office. Or do you?

You see, implementing security solutions and policies is only the first step. Every once in a while, you need to verify that your security solution is doing what it’s supposed to. Perhaps more importantly, you also need to know whether everyone in your team is following the security policies you’ve so lovingly prepared.

 

Check-up Time

To ensure that everything’s all right with your security arrangements, you need to conduct a security audit. There’s no strict definition for the term, but like any other audit, the basic idea is to examine the truth of a claim—the claim, in this case, being that you’re safe from security threats. You might think that “Security Audit” is just a glorified term for sitting with a checklist—to a certain extent, it is. However, the seemingly mundane task of checking items off your list will let you know where you’re going wrong with security, and help you formulate a better solution.

In the corporate world, security audits are carried out by a crack team of experts, who usually come at a fee that can run close to a lakh for a single consultancy. While some aspects of an audit can only be performed by security experts, you can do a fairly effective—and very cheap—audit yourself, too.

 

The Elements

So how does one go about a security audit, anyway? Simply put, it’s like we mentioned—knowing how your security solution should work, and checking to see if that’s how it’s working. It’s very important, then, to put your security policy down on paper—which programs are allowed to run on PCs, which users get access to which resources on your network, and so on.

Then comes the risk assessment—figuring out how important a security issue is. Consider the scenario that a laptop is stolen. On a scale of 0 to 10, the probability of this scenario is, say, 3. Now, on a scale of 0 to 10 again, the damage this scenario could cause is, say, 8. The risk of a particular scenario is the product of the probability that it occurs and the damage it could cause if it did. The higher the risk, the more measures you’ll need to take to bring it down. The numbers used here are arbitrary—you’ll have to assess your own situation (how scatterbrained is the employee with the laptop, and so on) and arrive at your own values. There’s no formula involved here, and it’s far from an exact science. The idea of the risk assessment is more to help you prioritise tasks.

But we get ahead of ourselves here. First, we need to prepare for the audit.

 
