
CompTIA: Navigating the decision-making process of an IT security engagement

12 Apr 2017

Today’s IT environment is ever-changing.

According to industry group CompTIA, unless businesses can ‘effectively navigate the evaluation, purchase, implementation and ongoing management of security solutions and processes,’ they will be at an increasing risk of security breaches.

CompTIA Channel Dynamics and ANZ community director, Moheb Moses, says new technologies such as cloud, mobile and big data are enabling digital organisations that rely on technology not only to support operations, but also to drive business outcomes.

“These outcomes may include improved productivity, increased revenue, service innovation and competitive advantage,” Moses says.

“As a result, systems and data have never been more valuable or at risk of attack. What’s more, the threats are changing daily, making the evaluation and purchase of IT security solutions a complicated and challenging endeavour.”

CompTIA have put together a list of questions for navigating the decision-making process of an IT security engagement, which include:

1. What is the organisation’s IT security risk tolerance?

Back in the day when the majority of a company’s technology was on-premises, any data classified as confidential could be placed behind a firewall. Today, covering all bases is simply too expensive, which is why Moses asserts it’s vital to perform a risk analysis to determine the probability of a risk, estimate the potential impact and determine mitigation strategies.

2. What new tools are available to improve security?

There are many new tools arising every day that businesses should consider when updating IT security. While firewalls may not be a complete solution anymore, Moses affirms they are still a crucial piece of the toolkit. There are also many new tools and techniques that businesses might use as they expand their IT footprint, like data loss prevention, identity and access management and enterprise security intelligence.

3. How is the human element addressed?

At the end of the day, employees still pose a significant threat to IT security. Moses says employees who are not following policy or simply do not have the expertise to notice security issues are usually the main cause of breaches. The obvious solution to this problem is educating employees, but companies may need help delivering such training.

4. What is the organisation’s current IT security risk profile?

Moses says one of the best ways to assess this is via a third-party security consultant, as they have both detailed security knowledge and real-world experience to help discover which security holes exist in an IT environment and which need patching. If the organisation is unwilling or unable to invest in an external audit, then Moses says the best alternative is a self-assessment to get an idea of where the company stands on the path to best practices.
