OUR THOUGHTS ON:

Protecting our Data

Risk Advisory/Internal Audit

By Eric Fair

Firewalls, anti-virus and advanced malware protection alone are not enough to secure our data from today’s attackers. Many layers of effective data security controls need to work together to protect data in today’s digital world. As organizations seek to secure their data, the following controls should be considered, and they should overlap and be fully integrated:

  • Inventory of Authorized and Unauthorized Devices and Software
  • Secure Configurations for Hardware and Software on End-User Computing Devices (including Mobile Devices)
  • Continuous Vulnerability Assessments and Remediation
  • Malware Defenses
  • Application Software Security
  • Wireless Device Management
  • Data Recovery Capabilities
  • Security Skills Assessment and Appropriate Training to Fill Gaps
  • Secure Configurations for Network Devices
  • Limitation and Control of Network Ports, Protocols, and Services
  • Controlled Use of Administrative Privileges
  • Network Perimeter Defense Mechanisms
  • Maintenance, Monitoring, and Analysis of Audit Logs
  • Controlled Access Based on the Need to Know
  • Account Monitoring and Control
  • Data Loss Prevention
  • Incident Response and Management
  • Secure Network Engineering
  • Penetration Tests and Exploitation Exercises

To assess your defensive strategy, it is important to determine the type of data that may be of interest to attackers, where that data resides, and the level of risk to that data. This will help in determining the layered security needed to mitigate the risk, slow an attacker, and respond quickly when a preventative or detective control is triggered.

Do you have questions or need assistance in securing your organization’s data?  Please contact Eric Wright at 412-697-5328 to schedule a discussion on your specific needs.

© 2014 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax related matter.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.
