Malware

In the past, viruses were created with the sole purpose of wreaking havoc on the infected systems. A large fraction of today’s malware, on the other hand, are designed to generate revenues for the creator. Spyware, botnets, and keyloggers steal information from your system or control it so that someone else can profit. In other words, the motivation for making them is now more attractive than before.

Keyloggers can reveal your usernames, passwords, PIN numbers, and other authentication information to their creators by recording your key strokes. This information can then be used for breaking into various accounts: credit cards, payment programs (like PayPal), online banks, and others. You’re right, keyloggers are among the favourite tools of individuals involved in identity theft.

Much like the viruses of old, most present day malware drain the resources, such as memory and hard disk space, of contaminated systems; sometimes forcing them to crash. They can also degrade network performance and in extreme cases, may even cause a total collapse.

If that’s not daunting enough, imagine an outbreak in your entire organisation. The damage could easily cost your organisation thousands of euros to repair. That’s not even counting yet the value of missed opportunities.

Entry points for malware range from optical disks, flash drives, and of course, the Internet. That means, your doors could be wide open to these attacks at this very moment.

Now, we’re not here to promise total invulnerability, as only an unplugged computer locked up in a vault will ever be totally safe from malware. Instead, this is what we’ll do:

  • Perform an assessment of your computer usage practices and security policies. Software and hardware alone won’t do the trick.
  • Identify weak points as well as poor practices and propose changes wherever necessary. Weak points and poor practices range from the use of perennial passwords and keeping old, unused accounts to poorly configured firewalls.
  • Install malware scanners and firewalls and configure them for maximal protection with minimal effect on network and system performance.
  • Implement regular security patches.
  • Conduct a regular inspection on security policy compliance as well as a review of the policies to see if they are up to date with the latest threats.
  • Keep an audit trail for future use in forensic activities.
  • Establish a risk management system.
  • Apply data encryption where necessary.
  • Implement a backup system to make sure that, in a worst case scenario, archived data is safe.
  • Propose data replication so as to mitigate the after effects of data loss and to ensure your company can proceed with ‘business as usual’.

Once we’ve worked with you to make all these happen, you’ll be able to sleep better.

Other defences we’re capable of putting up include:

Check our similar posts

How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Operational Reviews

IT OPERATIONAL REVIEWS DEFINED
An IT operational review is an in-depth and objective review of an entire organisation or a specific segment of that organisation. It can be used to identify and address existing concerns within your company such as communication issues between departments, problems with customer relations, operating procedures, lack of profitability issues, and other factors that affect the stability of the business.
Operational reviews allow the organisation members to evaluate how well they are performing, given that they perform appropriately according to the procedures set by them, allocating their resources properly, and performing such tasks within time frame set and using cost-effective measures. More importantly, it also shows your company how well it is prepared to meet future challenges.
Simply put, the goals of an operational review are to increase revenue, improve market share, and reduce cost.

THE BENEFITS OF AN IT OPERATIONAL REVIEW
The main objective of IT operational reviews is to help organisations like yours learn how to deal with and address issues, instead of simply reacting to the challenges brought about by growth and change.
In such review, the information provided is practical from both a financial and operational perspective. Using these data, the management can then come up with recommendations, which are not only realistic, but more importantly, can help the organisation achieve its goals. The review recognises the extent to which your internal controls actually work, and enables you to identify and understand your strengths, weaknesses, opportunities and threats

To be more specific, let’s list down the ways wherein an effective operational review can contribute to the success of the organisation.

The review process can:
– assess compliance within your own organisational objectives, policies and procedures;
– evaluate specific company operations independently and objectively;
– give an impartial assessment regarding the effectiveness of an organisation’s control systems;
– identify the appropriate standards for quantifying achievement of organisational objectives;
– evaluate the reliability and value of the company?s management data and reports;
– pinpoint problem areas and their underlying causes;
– give rise to opportunities that may increase profit, augment revenue, and reduce costs without sacrificing the quality of the product or service.
Thus, each operational review conducted is unique, and can be holistic or specific to the activities of one department.

Our Operational Efficiencies cover the entire spectrum:

  • What to buy
  • Optimising what you’ve already bought e.g. underutilised servers, duplicate processes, poorly managed bandwidths
  • Making your team comfortable with the changes
  • Instilling Best Practices

UNCOVER WAYS TO DRIVE YOUR PROFITS UP, THROUGH OPERATIONAL REVIEWS

More Operational Review Blogs


Carrying out an Operational Review


Operational Reviews


Operational Efficiency Initiatives


Operational Review Defined

Without Desktop Virtualisation, you can’t attain True Business Continuity

Even if you’ve invested on virtualisation, off-site backup, redundancy, data replication, and other related technologies, I?m willing to bet your BC/DR program still lacks an important ingredient. I bet you’ve forgotten about your end users and their desktops.

Picture this. A major disaster strikes your city and brings your entire main site down. No problem. You’ve got all your data backed up on another site. You just need to connect to it and voila! you’ll be back up and running in no time.

Really?

Do you have PCs ready for your employees to use? Do those machines already have the necessary applications for working on your data? If you still have to install them, then that’s going to take a lot of precious time. When your users get a hold of those machines, will they be facing exactly the same interface that they’ve been used to?

If not, more time will be wasted as they try to familiarise themselves. By the time you’re able to declare ?business as usual?, you’ll have lost customer confidence (or even customers themselves), missed business opportunities, and dropped potential earnings.

That’s not going to happen with desktop virtualisation.

The beauty of?virtualisation

Virtualisation in general is a vital component in modern Business Continuity/Disaster Recovery strategies. For instance, by creating multiple copies of virtualised disks and implementing disk redundancy, your operations can continue even if a disk breaks down. Better yet, if you put copies on separate physical servers, then you can likewise continue even if a physical server breaks down.

You can take an even greater step by placing copies of those disks on an entirely separate geographical location so that if a disaster brings your entire main site down, you can still gain access to your data from the other site.

Because you’re essentially just dealing with files and not physical hardware, virtualisation makes the implementation of redundancy less costly, less tedious, greener, and more effective.

But virtualisation, when used for BC/DR, is mostly focused on the server side. As we’ve pointed out earlier in the article, server side BC/DR efforts are not enough. A significant share of business operations are also dependent on the client side.

Desktop virtualisation (DV) is very similar to server virtualisation. It comes with nearly the same kind of benefits too. That means, a virtualised desktop can be copied just like ordinary files. If you have a copy of a desktop, then you can easily use that if the active copy is destroyed.

In fact, if the PC on which the desktop is running becomes incapacitated, you can simply move to another machine, stream or install a copy of the virtualised desktop there, and get back into the action right away. If all your PCs are incapacitated after a disaster, rapid provisioning of your desktops will keep customers and stakeholders from waiting.

In addition to that, DV will enable your user interface to look like the one you had on your previous PC. This particular feature is actually very important to end users. You see, users normally have their own way of organising things on their desktops. The moment you put them in front of a desktop not their own, even if it has the same OS and the same set of applications, they?ll feel disoriented and won’t be able to perform optimally.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today