8 IT Security Processes to Protect and Manage Company Data process.st /it-security-processes/ 8/29/2017
Adam Henshall August 29, 2017
According to the Computer Crime and Intellectual Property Section (CCIPS) more than 4,000 ransomware attacks have occurred every day since the beginning of 2016. This represents a 300% increase on 2015. Cybercrime is on the rise and it will continue. In May 2017 the British National Health Service was in crisis after an attack stole extensive patient data and held the NHS systems hostage. However, this attack like many others was not just down to elite hackers breaking through technological walls. Like most attacks, the root cause was human error. The NHS had not updated its Windows XP after security patches stopped being released. There was no process in place to keep the system secure. That is why we have created this Process Street IT security processes pack to help you monitor and protect your organization’s important data. Scroll down to find each of the public templates presented and explained, or explore them straight away in the quicklinks section right here:
1/9
Quicklinks IT Security Processes Privileged Password Management
At the heart of every secure system is a secure set of passwords. However, this is no simple password management tool. If you want 1password then you can simply download it. Regular password management is very important and should be covered in all security training with regular staff, but that’s not the focus of this process. This process seeks to provide protections for the most sensitive of data . Within large organizations who have requirements to keep customer or client data secure, there are often a limited number of people who have access to the data. This process is geared to provide short-term access to someone who would normally not have these permissions. Within the process we have steps for authorization, documentation, and secure management of the access. It is run by the relevant IT professional – IT manager or risk manager – and seeks to provide a non-intensive way of providing high level security. Click here to access the Privileged Password Management process.
Network Administrator Daily Tasks
2/9
The network administrator is often the unsung hero of company operations. Most of the time, the network administrator is the first line of defense against malicious attacks and plays a key role in securing the company. This checklist aims to list a series of key daily tasks performed by network administrators and provide space for those tasks to be recorded. As a result, a network administrator would be able to run the checklist each day and cycle through the different tasks presented in order to cover the recurring basics. With the presence of form fields throughout the checklist, the network administrator could record as much detail as they like for each of the checks they undertake. Due to the highly editable nature of Process Street templates, this process can evolve over time to better meet the needs of the network administrator’s daily routine. Click here to access the Network Administrator Daily Tasks checklist.
Network Security Audit Checklist
3/9
The aim is always to keep security as high as possible. But in order to do this, we have to review on occasion to find out where we’re failing. That is the goal of the network security audit. When vulnerabilities exist in a system they must be scouted out and then tackled. This network security audit checklist deals with hardware and software, training and procedures . The risks a system faces are often down to both human and technical errors, and particularly when the two meet. For this reason, an audit must look to go beyond a narrow focus on one specific area and instead try to capture the overview of all the risks inherent in the system. This checklist has been engineered to be run internally within a large organization, but could equally be employed by a consultancy firm to use in client based work. The repetitive nature of Process Street’s checklist system would make it highly actionable in that environment. Click here to access the Network Security Audit Checklist .
Firewall Audit Checklist
4/9
A firewall audit shares similarities with a network audit. Both require the review and analysis of processes and procedures as much as strictly IT areas. However, looking only at a firewall is a much more specific analysis and this process could possibly be employed within the larger and broader network security audit. Nonetheless, we’ve constructed this process to be thorough and to cover a series of precautions. In every step you are encouraged to document your activities. From reviewing existing policies to assessing the physical security of the servers to deleting redundant rules from the rule-base, it is vital we document thoughts, criticisms, and changes as we move through the process. This positive process documentation results in better work right now and makes the life of the next person auditing the firewall significantly easier. Click here to access the Firewall Audit Checklist .
VPN Configuration
5/9
Utilizing a VPN has become increasingly common. There are some IT security professionals who suggest that everyone should use a VPN to protect their personal security. This process, however, utilizes a VPN for different reasons. When working within a secure office network, it becomes a risk to allow remote access. Yet, remote access to the office network is vital for business trips and other similar scenarios. In this process, a VPN is set up on a staff member’s laptop which allows the staff member to connect to the office network remotely. Built in to this process are the checks and balances which come from using a process to manage setup. For example, as part of your security protections, both the IT department and HR department would have recorded the information of who has remote access to office networks. This prevents risk exposure that otherwise could have been caused by poor communication practices. Click here to access VPN Configuration.
Apache Server Setup
6/9
The most popular server in the world is Apache, and in this process we take you through the step by step guide of setting up an Apache server on your Windows Server. This guide provides the simple steps and commands needed to download, install, and monitor your Apache server. It also caters to other methods of setup by walking through alternative commands. This walkthrough is primarily geared for someone with a Windows Server running on 64 bit who wants to install Apache 2.4.17. Being a Process Street template, you could always edit these tasks to tailor them specifically to your needs and your system, if they differ from the scenario presented above. Click here to access the Apache Server Setup.
Email Server Security
7/9
Email is one of the first ways anyone is going to try to get into your company. Fighting off phishing attacks and other malicious attempts to compromise your security rely on both strong technical resilience and a high level of professional training. There are lots of steps you can take to secure your email from a technical standpoint: Enable SPF Enable DKIM Enable DMARC Enable DNSSEC And we include each of them and more within the checklist. There are acronyms galore within email security so make sure you brush up on your ISPs and DNSs. Beyond the technical steps, there’s encouragement toward setting up comprehensive training processes for your staff. No matter how many technical barriers you put in place, if people keep accidentally downloading malware you’re going to be faced with problems. Click here to access the Email Server Security checklist.
Penetration Testing
8/9
Penetration testing is like the cool side of IT security. It more closely resembles the kind of IT practices you might see in a film. Hollywood IT. Heart-racing soundtrack optional. Penetration testing involves testing a system’s security by trying to break into it. It’s centered around trying to find vulnerabilities in a system and then attempting to sneak inside. The goal of a penetration tester is to see how much damage they have the potential to cause. As long as this is all well documented, they are able to use this knowledge gathered in order to patch up the holes in a system’s security. This process provides a step by step guide through different tasks involved in pen-testing while also giving space to document the process as it is run. This allows the pen-tester to effectively record information as they go and have it all stored in one place for later analysis. Click here to access the Penetration Testing process.
Employ these IT security processes before it’s too late! We’ve included 8 templates here for you to use to secure your systems, but there are many more you could build too. With Process Street, you can lay out your security procedures in an actionable manner; making them both easy to follow and clearly documented. Implement strong security policies and processes in your organization before it falls victim to a data leak, or something worse. With increasing legislation aimed at securing how data is held, putting effective systems in place will protect your customers and possibly protect yourself from the long arm of the law. If you like these templates, check out our previous template packs :
9/9