One of the Leading Concerns of Today's Businesses

953 Words | Jul 15, 2018 | 4 Pages
Security continues to be one of the leading concerns of businesses today. With increasing interconnection of networks, work extending outside of the traditional office, and electronic commerce with customers, the vectors for attacks are growing. A carefully crafted security policy is the first step to securing your enterprise. Upon review of your current business practices, we have several recommendations to help increase your security posture.

Social Engineering

Social engineering is the practice of utilizing known information to misrepresent oneself for the purpose of breaching a company’s security. The popularity of social engineering as a method of hacking is exploding. In the 2013 Verizon Data Breach Investigations Report it was…
And greatly simplifies administration. Enterprise traffic can be isolated within the LAN and customer traffic restricted to the DMZ, while authorized remote users can be given access to any segment behind the firewall.

Review and Assessment

Security improvement is an ongoing process, not a goal. New avenues for attack are being found rapidly, and the United States Computer Emergency Response Team (US-CERT) is one organization that tracks and announces them. The magnitude of security vulnerabilities can be staggering. US-CERT announced 36 high-severity, 56 medium-severity, and 18 low-severity attacks discovered in the week of March 3rd, 2014 alone. Maintaining a continual security posture is critical to staying ahead of the vulnerabilities.

With the number of new attacks constantly on the rise, even the most seasoned IT security staff can overlook a vulnerability. To assist your staff in reviewing the security of your infrastructure, a vulnerability assessment is a valuable tool. There are many free and licensed software packages, such as Nessus and Metasploit, which can be loaded onto a workstation and left to run. These packages run through a library of known vectors of attack against your network equipment and servers. You are then presented with a report showing a list of attack successes and suggested mitigation steps. Such software should be run on a monthly, or even weekly, basis by your internal staff against your critical infrastructure. For a more comprehensive