Security Auditing - Protecting Your Intelligence

Across the globe, staying ahead of the rest is no longer just about being the biggest and best, it is also about being able to offer clients a high level of security and reassurance that confidential information will not be disclosed to unauthorized parties. Without an effective informational security system in place, a business's underlying franchise can be swiftly eroded and revenue streams jeopardized.

No one is immune to the dangers. Millions of dollars worth of revenue are lost daily through fraud, intrusion and viruses, even at the high end. Microsoft's password-protected beta test site, was hacked before it hit the market forcing the issuance of new passwords to more than 20,000 members of its developer networks. Its new versions of .NET, Windows XP and other software were also downloaded without authorization and the security of its free email services - Hotmail - was breached forcing the company to outsource its security auditing.

Large and small companies alike are constantly facing the threat of cyberattacks. Sophisticated viruses such as worms can rampage through networked systems worldwide. Internet and dial up connections can allow hackers into confidential areas. Social engineering - breaching an organization's security by interacting with its personnel - can extract passwords and confidential information. These are all ways that can used to access confidential facts and figures and threaten the very substance of a company and its operations.

Protecting a firm is first and foremost about conducting an audit of existing systems, standards and procedures and then identifying a series of proven guards and measures that can enhance security and reduce the vulnerability to attack. Solutions come in many forms but in the main, comprise firewalls, virus detection, threat management and deception systems, secure servers and resilient platforms.

Firewalls are used to protect internal systems and provide a gateway to guard against unauthorized persons gaining access to a network. Just having a firewall doesn't mean though that security systems cannot be penetrated. Other controls are needed including logical access controls and physical security. Personnel should only be able to access secure areas of the company (physical or virtual), on a 'need-to-know' basis and only through a unique password. Intrusion detection systems support the firewalls. These review system logs and processes in near real time and alert management to known patterns of behavior that indicate an intrusion is occurring or imminent. These also are not fool-proof but can scan large volumes of logs for pattern identification and trends.

Encryption also plays an important role by increasing the security of transactions, providing confidentiality and ensuring that a transaction has not been tampered with. Likewise, backup and recovery are also components of any package. Companies that don't have adequate back up and recovery systems can waste large sums of money trying to retrieve lost or tampered data which can negatively impact the reputation of the firm and customers' confidence in it.

Many companies now specialize in security auditing and associate solutions and can provide tailored packages that meet the specific needs of the institution rather than broad based, off-the-shelf solutions. But large or small, protection systems are a must for all companies working in cyberspace. Cybercrime has no borders and no limitations. The informational security threats that the Microsoft and IBMs of the world face, are equally a threat to small firms in other parts of the world. Protecting your business intelligence and building a relationship of trust with your clients is - given the pervasive nature of technology - essential to surviving in the Internet age.