IT Security Threats and How to Overcome Them (Part 1)
Here’s what you can do to protect your organization before it happens to you.
NOREX members share recommendations for effective detection and prevention of IT security threats.
Nearly 100 member organizations recently participated in a WebForum hosted by NOREX focusing on IT Security tools. We started with an overview of the participant’s awareness of their “security posture” and the types of threats they have encountered.
Here are some suggestions that were provided during the session:
Convincing upper management to invest in security products
- Execs will not feel concern unless there is an actual breach.
- I do think if you have penetration testing performed and you can show execs that there is risk as a result of those tests, it can be beneficial rather than just talking about risk.
- We used Praetorian to do a security audit. We are now using Dell Secureworks for managed security services.
- We are dealing with a interesting Phishing scheme — instead of spearfishing our execs, they are using fake users names for our company heads to try to order parts/products to outside vendors. And get the items charged back to our company. Resolution in this case is strong relationship with our vendors to have a strict ordering process in place from our Procurement dept.
Resources recommended for guidance establishing/maintaining effective IT security
- We use the CIS Critical Security Controls as our overall guidance:
- This is the web site for the CIS Critical Security Controlshttps://www.sans.org/critical-security-controls
- We use a layered security approach:
— Next Gen Firewall
— Web Filtering with Malware Protection
— VLan ACLs
PCs / Laptops
— no admin rights
— application white listing
— complex passwords
Follow us on Medium for Part 2 of this article where we provide a free list of tools and resources recommended by our members.
NOREX on Social Media: