IT Security


When it comes to IT security for your IT systems, Tech Viable is no slouch. We live by the code of the CIA Triad, which defines an IT system’s ability to protect the confidentiality and integrity of data while ensuring the availability of your IT systems and data.

 

IT Security Standards:

The two most highly regarded security standards that focus specifically on IT security also refer to qualities beyond confidentiality, integrity and availability (CIA); however, those three are generally considered the foundational security qualities. Additional qualities such as authenticity, accountability and non-repudiation can be considered subsets of the CIA triad model’s foundational qualities, but they are in no way shortchanged in the overall goal of security when working with Tech Viable’s IT Security services.

  • ISO 27001 standard (successor of the ISO 17799)
  • NIST 800 standard series

ISO 27001

IT Security is defined as the preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved [ISO/IEC 17799:2005].

NIST 800-30

IT Security is a system characteristic and a set of mechanisms that span the system both logically and physically. The five security goals are integrity, availability, confidentiality, accountability, and assurance.

Whatever we do or don’t do carries a risk

We understand that if something was made, it can be unmade, and therein lies the inherent risk of IT security. No matter what is done or not done when it comes to security, every action carries a risk, regardless of how much effort is put into securing IT systems and data. We base our approach on the above standards to make your IT security as unbreakable as possible. New threats will always be introduced, as the “bad guys” are constantly looking for ways to get in, steal or vandalize. We do our best to stay one step ahead and keep your systems safe and secure.

Our IT Security takes into account that proper IT Security can be defined as the IT Security system’s ability to protect the confidentiality and integrity of processed data, while providing the needed availability of the system and data, accountability for the transactions processed, and assurance that the system will continue to function as intended and meet its objectives.

Non-IT Security Systems Concepts

It is important to note that information can be processed and transferred through many different methods and media, such as paper, a telephone call or a meeting conversation. Tech Viable provides guidance to ensure everyone knows the best practices for being as secure as possible with typical non-IT security functions.

Additional Threat and Risk Concepts

In IT security, a risk is the potential to lose one or several of the key qualities described above; it is expressed as the likelihood multiplied by the cost of the impact.

A threat is defined as the source of any risk, or that which triggers a risk. We can best understand the concept of a threat by using the terms Threat Agent and Threat Strength, as in the examples below:

  1. A hacker may be a threat agent, while his threat strength may be his motivation and means.
  2. Another threat agent could be an employee who acts negligently, while the threat strength is his lack of motivation to deliver quality work and his understanding of security in his work.

Achieving IT Security and The Perception

Because threat agents and their threat strengths are often unknown or unquantifiable, it is often very difficult to determine a proper level of defense.

This can also lead to the notion that “security is an objective perception”. This perception of security can often be mistaken for measurable, objective security.

For example:

  • The fear of earthquakes is often reported to be more common than the fear of slipping on the bathroom floor even though the slippery bathroom floor kills more people than earthquakes.
  • Also, the perceived effectiveness of security measures is sometimes different from the actual security provided by those measures. The presence of security protections may even be taken for security itself.
    • For example, two computer security programs could be interfering with each other and even cancelling each other’s effect, all the while the owner believes s/he is getting double the protection.

Security Controls

When referring to the protection or defense of systems and data in IT security, we speak of countermeasures, which are dubbed “controls”. A control can be technical, such as a firewall or an anti-virus solution, or it can be a process (e.g. change management or incident management). Controls can aim at achieving different goals. These goals correspond to preventative, detective, and reactive controls.

A good example would be:

  • A safe (preventative),
  • An alarm system (detective),
  • Security guards (reactive).

When applying this to IT security, a proper mixture of these can provide adequate protection at reasonable cost, depending on the unique situation of every IT setup and the goals of the systems. In the above example, we can spend less on the safe, spend a little more on the alarm system, and increase the frequency of guard patrols. Every situation is treated uniquely and handled appropriately to provide the IT Security needed for your IT systems.

How Tech Viable Secures your IT

At Tech Viable, we maintain the highest knowledge of IT Security best practices. Many of our tools come from security software brands such as SolarWinds, Norton, Comodo, Nagios and many others used for software security, as well as Cisco, Barracuda, and other brands for hardware security.

Everyone wants the best, so why not provide it? Our security solutions offer the best of now and later, making sure your systems are safe from threats inside and out.

We strive to provide a proactive approach to IT security, catching risks and threats before they happen. It’s much more cost effective this way, and more efficient as well.

Reference

Taxonomy: http://www.cs.ncl.ac.uk/research/pubs/articles/papers/666.pdf

NIST: http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf

ISO: http://www.iso27001security.com/html/iso27000.html