Read Bennett Gold LLP's privacy policies and practices regarding this web site.
LINK TO: Bennett Gold LLP's Privacy Policies and Practices. SecurityMatters.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.

LINK TO: SecurityMatters.com, home page.
The network security practice of Bennett Gold LLP, Chartered Accountants.


Join the
Bennett Gold
News List:

(enter e-mail)
read privacy
disclosure

Security News Headlines:

SECURITY AUDITS PAY DIVIDENDS

Security planning and training does provide a return on investment, says analyst.

GO BACK to Previous Page.

Source: ZDNet UK
Posted on September 18, 2001

      The widespread perception that security does not offer a return on investment is wrong, according to IBM Global Services. Speaking at a recent briefing, IBM security specialist James Luke commented, "[Installing security products] is not a zero-return investment. Firms need to look at the broader benefits."

      Luke said recovery systems and system audits, which improve network security, can also increase efficiencies in other areas. Recovery systems offer a means of replacing data lost after an attack, but also reduce the time spent tracing and recreating lost files. System audits provide an insight into potential security breaches, and also offer effective inventory management, allowing firms to assess where upgrades are required and to monitor software licence compliance.

      Luke said firms should focus on security education, reporting mechanisms and emergency-response systems. He said that companies should encourage staff to share information on problems, even if problems start with their own machines: "If the first thing we do is discipline people when they report an incident, then they won't report it in future."

      In a separate initiative, security company Integralis is offering companies an outsourced forensics service. The Network Forensics Service will investigate security breaches after an attack, to identify unwanted visitors, compromised servers, dangerous code and back doors. Integralis also details files that have been viewed, copied or modified and gives advice on reconstructing systems. Integralis emphasized the benefits of full system audits. It said that companies should carry out comprehensive system logging and auditing to ensure that log files are checked and reviewed regularly.


RETURN TO TOP OF PAGE.



LINK TO: Site development and design by PLANETCAST.