GNSC Blog

In Part 1, we went back to basics and started with the minimum security that every business and home computer should have.  

In this weeks article we’ll look at an equally important minimum for every small to medium sized business; knowledge, understanding and education. 

One of the most important things when approaching computer security is to remember there is no panacea.  Installing some piece of software or hardware does not make security problems go away.   The hardware or software may mitigate risk or help you manage risk but the risk never actually goes away.  Its important to remember this since our tendency is to rely on technology to solve problems. 

Take for example the firewall.  With it, intruders are knocking on our electronic door.  The firewall simply prevents intruders from walking right in.  Even so, the intruder keeps knocking and looking for other ways in.  The danger is the firewall can make us complacent.  What we don’t see or hear doesn’t bother us.  Yet, the risk never really goes away. 

A homeowner, even with locked doors and a security system,  would still wisely be on guard for the intruder if they knew the intruder was parked outside their door.   What if the intruder call’s his lock picking friend to attempt to open the locks?   Maybe he knows someone who can disable the alarm system?  Maybe he can even convince the homeowner he’s not a threat and let him in.  A wise homeowner is  always remains alert for trouble.  It should be the same for IT security. 

The first step in this process is education (assuming your are already running a good anti-virus program, supplemented with a good malware program and a properly configured firewall).  You need to know the issues, the threats and the risks. 

Here are some great places to get started.  Wade into the reputable security media on the Internet first before plunking down $$$ for classes or educational materials.

1. Security Focus – a good portal to general computer security news
2. ITSecurity – a more issue driven computer security site.
3. SANS – A leader in security information publishing, training and certifications.
4. Microsoft Security Central – Microsoft’s site for keeping you updated.

There are many more, but these will get you started.  If you want more or issue oriented ones, just contact us.  A perfect way to keep on top of issues is to subscribe to these site’s RSS feeds. 

In Part 3, we’ll define and discuss some of the current issues and terms in more detail.

This entry was posted on Monday, August 11th, 2008 at 8:10 am and is filed under The How-To's of Basic Computer Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.