Small Business Computer System Security Audit

What are your computer security concerns & risk tolerance?

For organizations with security issues, known security problems or, worse, unknown security problems, the risks are too high to be ignored.

The volume of business and financial records increases every year, and more of them are stored in electronic formats than ever before. Securing confidential company records and client data, as well as providing password and encryption security, is no longer just “nice to have” but an absolute necessity. Wireless connectivity adds further complexity and security concerns.

Federal laws (such as the Patriot Act and HIPAA) and state identity theft acts (such as the Illinois Personal Information Protection Act) are all increasing the liability risk for your business, not to mention your own ethical privacy standards. There is also another fundamental reason you should be worried about your data: without it, you are out of business.

While it often seems easiest just to fix a minor problem and move on, open security issues will eventually lead to major business problems including:

- Corrupt or Stolen Information
- Inaccurate Financial Reports
- Permanently Damaged or Lost Files
- Expensive Legal Exposure

In the short term, unaddressed security issues will hopefully cost you only money, but if allowed to worsen they could cost you your business.

Security Audits... IT Belt & Suspenders
You Can Never Know Enough About Your Security

An information security audit is one of the best ways to determine the security of your company's information without incurring the cost and other associated business interruption damages of a real security incident. We audit how the confidentiality, availability and integrity of your information are assured.

Here are some key aspects of a comprehensive security audit that you should get answers to for your peace of mind.

Computer Access

- Are your passwords difficult to crack?
- Do you have access control lists (ACLs) in place on network devices to control who has access to shared data?
- Do you have audit logs to record who is accessing data?
- Do you review your audit logs? Who is responsible for reviewing them?

Security Settings

- Are the security settings for your operating systems in accordance with accepted industry security practices?
- Have all your unnecessary applications & computer services been eliminated for each system?
- Are these operating systems and commercial applications patched to current levels?
- Review anti-virus software & hardware configurations
- Review router configuration and make any appropriate changes to secure it against unwanted access
- Review any wireless networks and their security settings & ports
- Check each PC for security updates, anti-virus and spyware updates

Data Integrity & Security

- How is backup media stored? Who has access to it? Is it up-to-date?
- Is there a disaster recovery plan? Have the participants and stakeholders ever rehearsed the disaster recovery plan?
- If using VPN, do you have adequate cryptographic tools in place to govern data encryption, and are they configured properly?
- Have custom-built applications been written with security in mind?
- How have these custom applications been tested for security flaws?
- How are configuration changes documented at every level? How are these records reviewed and who conducts the review?

If you are concerned about what you know or don't know about your computer system and want to reduce the risk to your business then Contact Us.

We can make sure you never waste your time, money or sleep over your computer problems or security concerns ever again.