IT security scanning overview

As long information is the most valuable resourcemanage secure information? If there is a chance
of the company, then it's obvious that when weof copying secure information, e.g. possible
talk about auditing security, we should focus on ITinformation leakage? If there are some persons
security audit. Getting information about thewho is unaware about security measures that are
security procedures in your IT department isused within company? Do users follow an
critical to your business.appropriate password policy?
Are there any common IT security issues thatThere are much more questions about possible
we should pay attention to? IT security auditorsecurity leakages and the must-scan issues. How
should check that the information you are using isto get known what should security expert scan?
securely kept and managed.Well, it depends on how can potential intruder get
Keeping information secure is not a kind of art.your data. It's necessary to use file shredder
There are some major issues your admin should(better if it would be background mode) to make
remember about. First, keep data in secure place,sure it's not possible to recover data.
such as encrypted hard disk. Second, make sureHow to check if users are managing files in a
only authorized persons can access certainproper way? Try to find possible breaks in
information. Third, make sure it's not possible forsecurity. For instance, someone can keep files not
intruder to get your data.in document management system, which is
To make an audit of backup process it's enoughprotected with strong encryption, but on local
to emulate the system crash. How long will it takehard disk, protecting them with easy to crack
to recover the whole system? Will all the data bepassword.
recovered? What will be data lost? Once, auditorCan people at your company use a flash drives?
have these data, it's necessary to compare itIt's very dangerous, as it would be easy to copy
against common industry, e.g. benchmark yourthe sensitive data and take it out the company,
backup process metrics against your colleagues.but again, some business really require information
What about controlling, if only authorized personto be copied on flash drives? What is the solution?
can access sensitive data? It's harder thanTry to monitor the actual information that is
checking up backup. The thing you should startcopies on these drivers. For instance, if user
with is making sure that authorized administratorcopies a password protected files, then it might
have a clear structure of who have access to thebe a possible security issue.
sensitive data, there might be a levels of access,Checking the passwords is another task. Short or
but the whole system must be described clearly.known password will not work. Make sure there is
This is the key part of secure authorization anda copy password policy which tells what
information sharing.passwords are good and why. Make sure people
The most important - how do your peoplefollow this policy.