Why do you need a Security Analysis?
All organizations that use computers to help manage and run their business have an ever growing risk of loss due to their increasing dependencies on Information Technologies. Unless you are absolutely sure you can afford to lose your data, let your competition know about your strategic plans, or complete your projects late without suffering financially, you need to address your security risks.
What Security risks are currently affecting Organizations
Many organizations feel that since they are not working on any "Secret" projects, or "Revolutionary" ideas, they are not at any security risk. Unfortunately over 60% of all security losses originate within an organization, either from purposeful action on the part of disgruntled employees, or accidentally as employees go about their everyday activities.
Data in an I.T. system is at risk from various sources—user errors and malicious and non-malicious attacks. Accidents can occur and attackers can gain access to the system and disrupt services, render systems useless, or alter, delete, or steal information.
An IT system may need protection for one or more of the following aspects of data:
- Confidentiality. The system contains information that requires protection from unauthorized disclosure. Examples: Timed dissemination information (for example, crop report information), personal information, and proprietary business information.
- Integrity. The system contains information that must be protected from unauthorized, unanticipated, or unintentional modification. Examples: Census information, economic indicators, or financial transactions systems.
- Availability. The system contains information or provides services that must be available on a timely basis to meet mission requirements or to avoid substantial losses. Examples: Systems critical to safety, life support, and hurricane forecasting.
According to the paper, "Best Practices for Enterprise Security", which appeared on Microsoft Technet:
The term computer security is a generalization for a collection of technologies that perform specific tasks related to data security. Using these technologies effectively to secure a corporate network requires that they be integrated into an overall security plan. The planning process for their proper implementation involves:
Gaining a detailed understanding of the potential environmental risks (for example, viruses, hackers, and natural disasters)
Making a proactive analysis of the consequences of and countermeasures to security breaches in relation to risks
Creating a carefully planned implementation strategy for integrating security measures into all aspects of an enterprise network, based on this understanding and analysis."
What a Security Analysis provide:
Security consultants at AccuTech International, will help you uncover the risks you face with your current I.T. solutions, understand the risks inherent with new technologies you are considering implementing, and design a solution to address these risks.