SECURITY
Barrington
Services believes that a few simple security solutions will never create
a truly safe computing environment. Rather, security should be treated
as a philosophy within an organization and requires well thought-out
and comprehensive methodologies to be continually successful. Barrington
Services carefully examines and considers all phases of technical implementations
and on going operations to build a security strategy that grows with
the client and the ever-changing world landscape.
SECURITY
FOR YOUR NETWORK AND COMPANY DATA
|
Barrington
Services promises you the most immersive security educational experience
you'll ever have. Intense instruction and collaborative learning, you'll
learn exactly what you need to know on the core topics essential to your
security success. Below are the subjects we cover in our comprehensive
evaluation of your company and training.
What
is computer security?
70% of
all computer security related problems stem from human, rather than technical,
factors. A small investment in worker education usually takes care of
most of the human factors. The other 30% are the technical issues that
involve setting up and monitoring the computer systems to insure that
you know what is happening on your systems and can make informed decisions
regarding any activity on your systems.
Your
company policies and guidelines
What
do you want in the area of computer security? Are your computers to be
used for work-related activities only? Will computer game playing and
browsing that isn’t work-related be prohibited? What access, if any, will
be allowed from non-company sites into your computer system?
Social
Engineering
As part
of the worker education process, “horror stories” about the ways that
intruders operate will be shared to reinforce your computer security policies.
Usernames
and passwords for your company
Easily
guessed usernames and weak passwords are an invitation to your system.
There are simple ways that can be easily learned to eliminate the “need”
for usernames and passwords to be written on sheets of paper and left
for unauthorized users to take advantage of.
Data
backup systems onsite and offsite
Part
of keeping your business running is making sure your data is available
when needed. Onsite backups speed the recovery process in the event of
failures or intrusions. Offsite backups insure the integrity of your data
in case of a natural or man-made disaster along with recovery from viruses,
trojans, and other computer attacks.
Integrity
management
The operating
systems you use “should be” the ones you purchased. Verifying that the
system programs haven't been tampered with is essential to maintaining
control of your computer system. The programs that your company uses for
it's daily business are also vulnerable and important to maintaining control
of your system. Monitoring the status of these critical files is essential
to keeping your system operating in your best interest.
Auditing
and logging
When
you have a record of activity on your system, you make better decisions
regarding improvements, upgrades, policy changes, and legal actions. It's
a sound business practice to decide in advance what level of record keeping
is needed and put a system in place that will deliver the data when needed.
Programmed
threats
Viruses
and trojans are programs that invade systems and do things that the owners
of the systems don't intend. Preventing these threats is an ongoing activity
that is needed to keep your assets under your control.
Physical
security
No system
is secure if physical access isn’t controlled. Part of computer security
is determining the level of physical security that is consistent with
your business’ needs and implementing the physical controls needed to
support that decision.
Modem
security
Modems
make an intruders life easy but are a necessary for many businesses. Evaluating
the needs of your business and controlling who can access your system
via modem can greatly reduce the other computer security impacts while
allowing your business to function the way you need it to.
Firewalls
A firewall
is designed to control access to and from your computer system. It is
here that many of your security policies are put into practice so your
workers use your equipment the way you want them to and intruders are
prevented from using your assets in ways that are inconsistent with your
business plan.
Wrappers
and proxies
Occasionally
there are unplanned weaknesses in programs that are needed for your system
to operate. When they are identified; these tools are used to further
reduce the dangers of compromise by adding additional layers of protection.
Discovering
break-ins
Part
of the “Auditing and Logging” and “Integrity Management” processes is
knowledge of if a break-in has occurred. Quick notification leads to more
effective containment of the intruder and will allow your business to
continue with a minimum of disruption.
Legal
issues
Having
a legal strategy in place will shape the plans and procedures to be followed
if an intrusion occurs. Considering the legal options need to be done
“before” the security plan is written and put into place. This way, the
plan is consistent with your business philosophy. Planning is essential
for protecting your resources from unauthorized use.
|