Confidentiality, integrity and availability, better known as CIA, have long been the security foundation of large enterprise information security; however, it has (to say the very least) become an illusive ideal for many SMEs.
So how can companies improve their security postures, addressing those CIA issues in a cost-sensitive and effective manner? For one, businesses should not only address technical requirements but also policy and procedure (these are the building blocks for implementing technical controls).
In order to achieve security nirvana, SMEs should take a few steps back and look at the following:
* Data availability - many start-up companies` systems feature distributed data and subsequently informal procedures to cope with CIA issues. But, the reality is that they need to ensure data availability from the start. The bottom line is if anything else fails, data must still be available.
* Data integrity - recovery from malicious assaults, be it unintentional or through a virus infection, is costly and time-consuming. Suffice to say the recovery costs far outweigh prevention expenditure.
* Confidentiality - access control based on user roles should also be taken into account. This assumes that you already have distinct security classifications such as "public", "confidential" and "sensitive" in place. The logical steps from here are to provide access control to data, thus ensuring that sales, for example, can`t access HR`s sensitive records.
Another confidentiality issue is e-mail security. The reality is that sensitive information traverses the Internet without any shielding from possible snooping. It`s basically like posting a postcard with the ingredients for ever-lasting youth and the postman patents it.
So, how do you address the above issues? The first step would be to deploy a desktop DNA solution that includes configuration setting, systems and application settings, network and printer setting as well as data files, folder, e-mail address books and so forth.
Computer Associates` Unicenter Desktop DNA enables organisations to provide an efficient, cost-effective, controlled change management process for specific PC events. Unicenter Desktop DNA increases technician and end-user productivity by managing and preserving PC DNA during hardware refresh, system upgrade, desktop recovery and other change initiatives.
Add to that CA eTrust Antivirus and PestPatrol and you have a solution for desktops and servers that will not only protect the environment for file infections, but the users from identity theft.
Finally, CA`s BrightStor ARCserve Backup and ARCserve Backup for Laptops and Desktops ensures your distributed data is centrally backed up and available for recovery.
By taking the above step and then rolling out the right solutions, you`ll be firmly on your way to achieving CIA, even if you`re a start-up with little IT budget.
Share
Editorial contacts