Information Security - Ignorance Is NOT Bliss

 

Small and medium businesses (SMBs) have always been at a disadvantage when it comes to securing their networks from threats. While the United States is home to over 20 million SMBs, Information Security has largely been the focus for larger enterprises with the budgets to support this specialty. Unfortunately, the risks from hackers, viruses, and spyware are just as applicable to smaller businesses as they are to Fortune 500 companies.

 

Network Security

For SMBs, the overwhelming issue is a false sense of security. The use of the Internet to launch attacks, the involvement of international organized crime in orchestrating identity theft scams, and the variety of methods used to launch attacks have all increased dramatically in recent years. The number of malicious websites and the amount of malicious software (malware) being released continue to rise.

Computer network security is all-encompassing! It is TeamLogic IT’s mission to ensure your network and data are secure so you can have peace of mind from knowing a team of security professionals is protecting your interests. We ensure that your business has a comprehensive security plan, the appropriate level of hardware and software security tools, and, most importantly, the training to protect your business.

 


 

The Oregon Identity Theft Protection Act (OITPA) - Oregon SB 583

Are you liable according to the Oregon Identity Theft Protection Act (OITPA)? Having an Information Security Policy Manual (ISPM) demonstrates due care and due diligence on your behalf. This is crucial to reduce your liability for the actions your employees take, as well as those they fail to take:

 

Preventative steps: Due care is the care and forethought a reasonable individual would exercise under the circumstances. It is the standard for determining legal duty. Demonstrate your proactive approach to mitigate risk by implementing policies, procedures, standards, and guidelines.

Ongoing steps: Due diligence is the effort made by a reasonable individual to avoid harm to another party, where failure to make this effort may be considered negligence. Implementing and enforcing policies, procedures, standards, and guidelines demonstrates due diligence by your organization.


 

Effective 1 January 2008, Oregon businesses that collect personal information from clients must develop, implement and maintain reasonable safeguards to protect the security and confidentiality of the information. This also includes the proper disposal of information as well as having a security breach notification procedure in place.

 

Here are the main points of SB583 - The Oregon Identity Theft Protection Act (OITPA) - and how an Information Security Policy Manual (ISPM) comes into play. According to the OITPA, companies must:

 

1. Designate an employee to coordinate a company security program
    - ISPM contains authorization orders for a Chief Information Security Officer (CISO) position
2. Identify and reasonably foresee internal and external risks
    - ISPM contains sections on risk management and vulnerability assessments
3. Assess the sufficiency of safeguards in place to control risk
    - ISPM provides coverage of administrative, technical and physical security procedures
4. Train and manage employees in security practices and procedures
    - ISPM stipulates training is required annually for all employees
    - Employees must sign for their equipment and are responsible for accountability at all times
5. Select service providers capable of maintaining appropriate safeguards
    - ISPM provides a section requiring safeguards in dealing with service providers and requires every user to sign an acknowledgement form, regardless of their status within the organization.
6. Regularly test and monitor the effectiveness of the security program
    - ISPM covers routine checks of security and an annual audit
7. Be able to detect, prevent, and respond to intrusions
    - ISPM focuses on user education, making users aware of security so they can prevent and detect intrusions
8. Enact proper disposal procedures for data
    - ISPM covers the disposal of physical material, including paper and old hardware that contains data
9. Have procedures in place for notification of data breaches
    - ISPM covers the requirements for notification following a suspected or known breach
10. Assess risks to the storage and disposal of information
    - ISPM covers the proper methods of storing data and the timeline for storage based on data classification

 

The Information Security Policy Manual (ISPM) from TeamLogic IT is a robust compilation of Information Security policies that are tailored specifically for the Small and Medium Businesses (SMBs) that are generally overlooked when it comes to Information Security. Highlights include:

- Policies are based on International Standards Organization (ISO) 17799
- Authored by a Certified Information Systems Security Professional (CISSP)
- In-depth coverage of 31 topics, detailing policies, procedures, standards and guidelines
- Covers OITPA, GLBA, SOX, HIPAA and FACTA compliance concerns
- Includes employee acknowledgement form and information security officer appointment orders
- At $435, it is a fraction of the cost of hiring a consultant
 

Vulnerability Assessment

The comprehensive security evaluation assesses your overall physical, technical and administrative security posture. This affordable, yet robust, evaluation will quickly determine if your network is vulnerable to the most common types of security threats. We look at your network through the eyes of a hacker to clearly show weaknesses that are readily exploitable. Our evaluation provides a comprehensive 3-step review:

  • External Technical - vulnerability assessment
  • Internal Technical - security analysis
  • Administrative & Physical - security policy and procedure review

Peace of Mind

We will provide you with an easy-to-understand report that provides industry-recognized solutions to remedy any problems found. The security evaluation provides details on the specific vulnerabilities, their associated risks, and most importantly a documented fix for the problem. While it is impossible to completely eliminate all risk with network computing, the security evaluation will allow you to eliminate some common risks and mitigate others to an acceptable level.

 


Questions or problems regarding this web site should be directed to beaverton@teamlogicit.com
Copyright © 2008 TeamLogic IT. All rights reserved.