CYBER SECURITY INFORMER - news and tips to help you stay safe online and protect your network


Decision Makers' Checklist for Cyber Security

When it comes to building security into your network, website and applications, the number of factors a manager must consider can seem overwhelming. Without a checklist, the decision-making process can get held up and security vulnerabilities may develop as a result.

Whatever solution managers are considering for their cyber security needs, they need to ask themselves the following questions before they buy:

1. Am I clear on the business needs and priorities?
You’re thinking of investing in several piecemeal fixes to your network that your IT department discovered almost by accident last week while running a server upgrade. But perhaps what you really need is a network security assessment to get a more comprehensive report on your vulnerabilities and recommendations about which problems to fix, according to a systematic priority list. After all, the issues identified from a quick spot-check could be just the tip of the iceberg.

Different needs can require radically different solutions. Make sure you know what you need before you buy.

2. Can I afford to buy the technology?
This is an obvious consideration, but IT budgets are often a bit jello-like when it comes to long-term planning.

Budgeting for a technology solution is tricky, especially because business requirements are an ever-moving target: the technology may need additional modification to support those changes, which affects both cost and time. On the other hand, technologies are also ever-evolving. Sometimes deferring a purchase can save effort, because a future release supports the functionality required.

3. Can I afford not to buy the technology?
If a technology solution could help you meet your data security compliance requirements today, at lower cost than competitors, why would you hesitate? Contracting a security solution takes time and careful consideration, but when you do find the solution that meets your requirements, it’s time to act.

4. Are there other ways to benefit from the technology than just what’s written in the brochure?
A shrewd manager can find multiple business advantages to a “single-purpose” technology. For instance, a company that invests in a web security solution can now develop a marketing campaign about how much they care about their customers’ privacy. An investment in better security could pay off with increased sales, in addition to the benefits already realized from protection of business operations and revenue stream.

5. Will you get the support you need?
Does the company you’re thinking of dealing with offer support to customize their solution for your company’s unique IT environment? You’ll want to find out just how helpful their helpdesk really is during set-up as well as over the long term.

If bugs pop up after initial deployment, you’ll want to ensure someone is there to handle any issues that crop up. Get an idea of their support capabilities and customer service before you sign that contract on the dotted line.

In the next issue of Cyber Security Informer, we’ll continue to profile organizations that are helping make the world a more secure place. If your organization is doing its part to build a more secure future by protecting partners, customers, website visitors and application users from cyber crime, contact us today at info@pcis.com.

Network and Web Application Security Webinar April 29

When your network or web applications get hacked, your revenue stream evaporates. Security is essential for keeping your business running. So how do you protect your computer systems?

The Need for Network and Web Application Security Webinar by PCIS aims to help managers understand the complex and changing cyber-threat landscape and how they can maintain business continuity through better security.

How to Register: To register for this free webinar, go to http://boonbox.webex.com/meet/boonbox. Click the "Register" link on the right in the Status column and fill in the short registration form. You will be sent your registration confirmation information and instructions on how to participate.

Date/Time: This webinar happens on April 29, from 8:30-8:45 am Pacific Time. 

Who Should Register: This webinar is a great opportunity for CEOs, managers and SMB business owners.

Webinar Synopsis: The Need for Network and Web Application Security is a discussion of network security and web application security concepts, an overview of the cyber-threats, and basic strategies on how to protect your systems with network security assessments and web security assessments.

Webinar Agenda:

* Hacker Threats Basic Overview
* How the Threats Impact Your Business Today
* Network Security Assessment – A Roadmap to Security
* Web Security Assessment – Keeping the Hackers Away
* Questions

April 28, 2009

Cyber Security Informer is distributed by:

Pacific Coast Information Systems Ltd. (IT Consulting)

Boonbox, a division of PCIS (Security Packaged Services)


Contact PCIS

Toll-free 1.877.744.7558


In this issue:

* Decision Makers' Checklist for Cyber Security

* Network and Web Application Security Webinar April 29

* Hacker Bait 

* Ask A Security Expert

Cyber Security Informer provides security news and tips to help organizations protect their business and their customers. 



Resource Links:

PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup.

Hacker Bait

The latest Hacker Bait list contains highly trafficked websites that have been found to have vulnerabilities that hackers and cyber criminals could exploit. 

This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days. These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.

If you would like more information on our data and why these sites are listed here, please contact PCIS.

Hacker Bait Sites With Vulnerabilities Discovered in Past 90 Days

americanexpress.ch

apps.facebook.com

blog.netscape.com

blogs.zdnet.com

books.google.com.tr

developer.mozilla.org

forums.sun.com

games.atari.com

gamespyarcade.com

hilaryduff.com

howstuffworks.com

japan.zdnet.com

legacywebmail.telus.net

local.sanfrancisco.com

myspace.com

payment.allopass.com

reference.aol.com

technewsworld.com

theregister.co.uk

youtube.com

Ask A Security Expert

"What is a penetration test?"

A penetration test (or "pen test") is a way of checking the security of a network or application by simulating an attack.

A penetration test can be classified as black box, white box, or gray box.

In a black box test, the tester is given no information about the network, to simulate an attack by an outside hacker. They will first have to investigate the system they are attacking, and then attempt to exploit it.

The white box penetration test can simulate an insider attack. The tester is given comprehensive system information such as account information and passwords.

In a gray box penetration test, the "attacker" is given some information, but not comprehensive data they could use to exploit the network. Even with partial information, a hacker could have much more success in investigating system vulnerabilities and exploiting them.

Organizations should conduct regular penetration tests, either on their own, or (recommended) as part of a more comprehensive security regimen. This will help ensure better security for legacy systems as well as new infrastructure and applications.



HOW TO SUBSCRIBE/UNSUBSCRIBE

SUBSCRIBE: To subscribe to Cyber Security Informer, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com

UNSUBSCRIBE: If you do not wish to receive future issues of Cyber Security Informer, send a blank email with subject line "UNSUBSCRIBE" to informer@pcis.com and we will promptly remove you from our distribution list.

WE WANT YOUR FEEDBACK

Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558