secure your business 2009

Secure Your Business! A Blueprint for a Healthy Technology Plan Presented by: Robert Cioffi Director of Technology [email protected] 2009 Copyright © 2009, Robert Cioffi, Progressive Computing Inc.

Upload: rcioffi

Post on 14-Jan-2015


Page 1: Secure Your Business 2009

Secure Your Business! A Blueprint for a Healthy Technology Plan

Presented by:

Robert Cioffi, Director of Technology

[email protected]

2009

Copyright © 2009, Robert Cioffi, Progressive Computing Inc.

Page 2: Secure Your Business 2009

Installing confidence in your network

www.pro-comp.com

We are Trusted Technology Advisors for small and mid-sized businesses throughout the NYC metro area.

We design, install and maintain Microsoft Windows based networks.

We help customers who are…

Overwhelmed or confused by technology problems.

Frustrated by poor and unresponsive support.

Feeling helpless when faced with new IT challenges.

Page 3: Secure Your Business 2009

Secure Your Business: Objectives

Increase Awareness of Threats: What are the potential threats to my financial transactions, intellectual property, customer database, images, etc.?

Understand Protection Strategies: How do I protect my business?

Understand Pressures on IT: What are the dynamic forces affecting IT?

Page 4: Secure Your Business 2009

Secure Your Business: IT Mgmt Mistakes

It’s the economy, stupid!

“Companies using their 2009 performance as a guide are more likely to see 2010 as another down year, perhaps even lower than 2008…”

“…unlike past recessions, CIOs report that transaction and storage volumes continue to grow. This means that enterprises have to work smarter by working in new ways than working harder by doing more with less.”

Source: Gartner, The context for 2010 planning will be challenging, June 22, 2009

Pressure leads to Mistakes

IT is a Cost Center

IT is not well understood

Hyper focus on apps

If it ain’t broke, don’t fix it


Page 5: Secure Your Business 2009


Secure Your Business: Traditional Threats

Natural Disasters

System Failures

Human Error

Human Outsider

Human Insider Most Dangerous

} Most Common

Recent Focus

F.U.D.


Page 6: Secure Your Business 2009

Secure Your Business: Threats 2009

Specific threats affecting business…

Phishing Attacks

Spyware

Computer Abuse

Data Leakage (Accidental)

Data Loss (Malicious)

Theft & Loss

Rising Costs & Less Resources

Page 7: Secure Your Business 2009

Secure Your Business: Budgets

Data Protection

Power

Threat Mgmt

Access Controls

Asset Protection

Policies & Procedures

Risk Assessment provides clear direction on Resource Expenditures

Page 8: Secure Your Business 2009

Secure Your Business: Data Protection

What’s the most important part of your computer system? The Data!

What’s the right way to protect my data?

TRADITIONAL INNOVATIVE HYBRID

Page 9: Secure Your Business 2009

Secure Your Business: Data Protection

Data Protection Technologies – 2009/10

Server Virtualization: Reduce cost. Maximize resource utilization. Greater system availability.

Online Backups: Near real-time backup. Versioning and quick recovery. Low operating costs.

Page 10: Secure Your Business 2009

Secure Your Business: Power

Rising costs of energy sap business.

Datacenters are running out of power

Do more with less – Virtualization?

US power: Prone to failure & attack

Costs to build power plants on the rise.

Government regulations making it harder.

Microsoft acquires local power plant for datacenter.

Page 11: Secure Your Business 2009


Secure Your Business: Threat Mgmt

Anti-Virus

Anti-Spam

Anti-Spyware

Anti-Phishing

Content Filtering

Intrusion Detection

Firewalls

Prevention, Protection, Detection, Response

Depth in Defense


Page 12: Secure Your Business 2009

Secure Your Business: Access Controls

Who Has Access to What?

1. Define resources, and users; what can they access?

2. Force users to enter logon credentials to access resources.

3. Segregate data into logical areas & assign appropriate access.

4. Passwords should be hard to guess & changed periodically.

5. Educate users about dangers of social engineering.

6. Periodically check for and install software patches & updates.

7. Bio-Scan Technology: Hand readers, Retina scanners, etc.

Windows Group Policy is an excellent and powerful tool for implementing centralized Logical Security on your network: desktop lockdown, password policies, application options control, and more.

Page 13: Secure Your Business 2009

Secure Your Business: Asset Controls

How do I control & manage assets?

Secure critical components behind locked doors.

Computer rooms should be well ventilated and properly cooled.

Restrict access to sensitive equipment to relevant personnel.

Computer workstations can be secured to walls or furniture.

Laptop users should keep an “eye” on their computer at all times.

Asset management systems help keep track of inventory.

Remote Device Wipe for Windows Mobile 6.x Devices

Windows Vista/7 BitLocker – Encrypt the entire drive

“Homing Pigeon” Software for lost or stolen equipment

Technology Goes Hollywood

Page 14: Secure Your Business 2009

Secure Your Business: Policies

Corporate Policies & Procedures

Policies are guidelines for protecting assets.

Should be routinely reviewed and revised.

Good risk assessment will drive good security policies.

Makes expectations of employee behavior & accountability clear.

Examples:

Email & Internet Usage

Email signature disclaimers

Don’t Ask, Don’t Tell Passwords

Dangers:

Policies are platitudes rather than a decision or direction

Too restrictive – people bypass

Page 15: Secure Your Business 2009

Secure Your Business!

Q & A