Design a Secure Network Now

Imagine a scenario in which one of your employees is sitting at their desk, diligently working on a document when they receive an urgent call. From the “IT Department.” They’re told that their system has been compromised, and they need to take immediate corrective action to save their company (and their job) from ruin. So the employee dutifully handles over highly confidential information like IP addresses and passwords, for how could they not trust the IT Department in an emergency? This results in a malicious and devastating cyberattack on the company’s core assets.

Think of this as examining the two great physical assets most organizations possess: their systems and their people.

Examine systems (on-site or off) to document what assets you manage. Many IT managers are shocked at what they find (e.g., applications that are not currently in use; servers that are extremely under allocated). As the MSP or IT provider, you need this information, and it will likely enlighten your client as well.

Interview employees to learn what they know and what kind of guidance they’ve received. What policy documentation is in place? What kind of training on IT security have they received?
A systems inventory is critical, for how you can protect assets you didn’t know you have? And how can you optimize environments without knowing what they contain?

Policies and training are also important, as employees are often the “weakest link” and are the least controllable asset in a company’s possession.

Second: Workshop Needs & Plans
This is a step that is easily missed, and it's the job of the MSP to point out to upper management that there is a need for your services. When MSPs point out a need, they need also to provide the solution. Once there is buy-in from the decision makers, MSPs need to communicate what needs to be done, the steps to do it, and any internal resources that are needed for alignment and execution.

The best way to do this is:

Interview key management
Run workshops with managers
Carefully document these meetings and ask management to review and approve your mutual conclusions.

Third: Audit to Identify Vulnerabilities
To prevent intrusions to your clients' networks, it is critical that an audit is executed. Security gaps need to be identified, defined, and classified in terms of severity.

An audit accomplishes many things, including the following:

Provides the most comprehensive understanding of your overall security posture
Prioritizes risks and fixes to those risks to reduce exposure
Increases the integrity of your entire environment (physical assets and employees)


Comments

Popular posts from this blog

Implementing Core Cisco ASA Security (SASAC)

Netware Makes a Splash

How CrackStation Works