What IT managers need to know

Johannesburg, 11 Nov 2004

A lot has been said and written about adopting the best practices approach towards securing company information technology assets. However, most companies are still merely securing IT systems and networks with point solutions, meaning merely solving the identified problem in an isolated manner. This bit-by-bit plugging of the holes results in a lack of an overall view of the real risks faced by the organisation on a daily basis, or knowledge of whether the solutions implemented are working effectively or not.

Despite a growing recognition of the importance of IT security, IT budgets are not necessarily increasing commensurately and it is therefore vital for IT managers to follow a pragmatic approach to security in order to derive the maximum value for security spend. Such an approach allows for catastrophic risks to be removed from the IT environment and for results to be measurable and proven.

Key to a pragmatic approach to IT security is having the correct information so informed decisions can be made around where to spend the limited IT budget and on what. It is also important for IT managers to understand the consequences of the risks, and not just how to name the risk. This understanding ensures that educated decisions are taken regarding which threats to prioritise and which need immediate attention.

Essential mechanisms for gathering this decision-influencing information are automated vulnerability scanning and management systems and employing the services of a reputable managed security services provider (MSSP). MSSPs are able to offer a comprehensive security event monitoring and analysis service aimed at identifying both internal and external attacks on the IT assets of an organisation. It has been found that when deploying these two mechanisms - automated vulnerability scanning and the services of a MSSP - positive results are visible within 24 hours due to the information received. Network performance has also been shown to improve by up to 30% in those first 24 hours, as previously undiagnosed virus activity in the environment is identified.

These quantifiable results provide a good example of where intelligence can facilitate management of IT organisational risks while converting to a bottom line benefit.

NamITrust

NamITrust is the enterprise security solutions provider within NamITech Limited, specialising in the monitoring and management of security in the digital domain. This focused division offers comprehensive managed security services including managed PKI, intrusion detection and non-repudiation of transactions. NamITrust operates out of the only seven tier secure facility in Africa.

NamITech is a leading provider of secure business solutions and is a subsidiary of the multibillion-rand JSE Securities Exchange-listed Altech group of companies. It has an established reputation of credibility and integrity, and operates out of two centrally located premises Johannesburg.

For further information, visit www.namitech.com.

Editorial contacts