Welcome to SACFiS



Security Tips for business


Whether a business is small or large, its Web site should be made as secure as possible, both for the business itself and for its customers.

Many businesses have a Web site, but too many launch it without basic security measures. Before launching a company Web site, take the steps below to protect both the business and its customers.

Earn trust

First of all, obtain a digital certificate for the site from a well-known certificate authority (CA), such as Thawte or Verisign. A CA is a third-party organization that verifies the identity of your company and its Web site before issuing the certificate, and the certificate is what lets browsers set up an encrypted (SSL/TLS) connection to the site. Digital certificates inspire confidence in customers. At the same time, keep the certificate up-to-date: browsers warn users about an expired certificate, which leads to a loss of confidence, so track the expiry date and renew well before it.
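As an added example for the "keep the certificate up-to-date" point (this is not code from the original page or from SACFiS), the following Python script reports how many days remain on a site's certificate and flags it when it falls inside a renewal window. The `SAMPLE_CERT` dictionary is a constructed stand-in shaped like what `ssl.SSLSocket.getpeercert()` returns, and the 30-day warning window is an assumed value to tune to your CA's renewal lead time.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample, shaped like the dict ssl.SSLSocket.getpeercert() returns.
# The hostname, issuer and dates are made up for this example.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar  1 00:00:00 2024 GMT",
}

WARN_DAYS = 30  # assumed renewal window; set it to your CA's renewal lead time


def utc(year: int, month: int, day: int) -> datetime:
    """Timezone-aware UTC midnight, so expiry arithmetic is not skewed by local time."""
    return datetime(year, month, day, tzinfo=timezone.utc)


def days_until_expiry(cert: dict, now: datetime) -> int:
    """Whole days between `now` (timezone-aware) and the certificate's notAfter."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((not_after - now.timestamp()) // 86400)


def certificate_status(cert: dict, now: datetime, warn_days: int = WARN_DAYS) -> str:
    """'expired', 'expiring' (inside the renewal window) or 'ok'."""
    days = days_until_expiry(cert, now)
    if days < 0:
        return "expired"
    if days < warn_days:
        return "expiring"
    return "ok"


def fetch_peer_cert(hostname: str, port: int = 443) -> dict:
    """Connect over TLS and return the server's certificate as a dict.

    create_default_context() validates the chain against the system CA store
    and checks the hostname, so an already-expired or untrusted certificate
    raises ssl.SSLCertVerificationError here instead of returning a dict.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    import sys

    now = datetime.now(timezone.utc)
    # With a hostname argument the script checks a live site; without one it
    # evaluates the constructed sample certificate above.
    cert = fetch_peer_cert(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_CERT
    print(certificate_status(cert, now), days_until_expiry(cert, now), "days left")
```

Run it from a scheduled job and alert on anything other than "ok". Because the default context refuses to complete a handshake with an expired certificate, `fetch_peer_cert` raising an exception on a live site is itself the alert; the "expired" branch is only reachable for a certificate dict obtained some other way.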

Handle data responsibly

If you request information from Web visitors via a registration process or some kind of form, it is essential to transmit it over an encrypted connection (SSL/TLS, i.e. an https:// address) so that it cannot be read in transit. Customers expect you to handle their personal information securely. Store sensitive data in encrypted form, not in clear text, on your backend data servers, and store passwords only as salted hashes, never in a form from which the password can be recovered.

Additionally, validate every form field on the server side (type, length and allowed characters), and never splice user input directly into database queries or fixed-size buffers, so that attackers cannot compromise your system through SQL injection or buffer overflows.
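To make the last two paragraphs concrete, here is an added Python example (not code from the original page or from SACFiS) of a login handler written the vulnerable way and the hardened way. The vulnerable version keeps clear-text passwords and builds its SQL by string concatenation, so an attacker's e-mail field of `x@y' OR 1=1 --` comments out the password check and logs in as the first user. The hardened version validates the fields, uses a parameterised query, and stores a salted PBKDF2 hash. The in-memory SQLite database, the `alice@example.com` row, the 254-character length limit and the 600,000 PBKDF2 iteration count are all constructed assumptions for the example.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ITERATIONS = 600_000  # assumed work factor (OWASP's guidance for PBKDF2-HMAC-SHA256)
MAX_FIELD_LEN = 254          # assumed limit: longest valid e-mail address


def validate_email(email: str) -> bool:
    """Server-side form check: type, length and shape, before the value is used."""
    return (isinstance(email, str)
            and 3 <= len(email) <= MAX_FIELD_LEN
            and email.count("@") == 1
            and "\x00" not in email)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash: what the backend stores instead of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


# --- Vulnerable: clear-text passwords and SQL built by string concatenation ---

def setup_vulnerable_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, password TEXT)")
    # Constructed sample row; the password sits in the table in clear text.
    conn.execute("INSERT INTO users VALUES ('alice@example.com', 'hunter2')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, email: str, password: str) -> bool:
    # The user's input becomes part of the SQL text, so it can rewrite the query:
    # email = "x@y' OR 1=1 --" turns the WHERE clause into "email = 'x@y' OR 1=1".
    query = ("SELECT email FROM users WHERE email = '" + email
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


# --- Hardened: validated input, parameterised query, salted hash at rest ---

def setup_hardened_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return conn


def register(conn: sqlite3.Connection, email: str, password: str) -> bool:
    if not validate_email(email) or not (8 <= len(password) <= MAX_FIELD_LEN):
        return False
    salt = os.urandom(16)  # fresh random salt per user
    conn.execute("INSERT INTO users (email, salt, pw_hash) VALUES (?, ?, ?)",
                 (email, salt, hash_password(password, salt)))
    return True


def login_hardened(conn: sqlite3.Connection, email: str, password: str) -> bool:
    if not validate_email(email):
        return False
    # '?' placeholders: the driver passes the value separately from the SQL text,
    # so quotes or comment markers in `email` are just characters in a string.
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE email = ?",
                       (email,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the stored hash with the hash of the supplied password.
    return hmac.compare_digest(stored, hash_password(password, salt))


if __name__ == "__main__":
    payload = "x@y' OR 1=1 --"  # passes the shape check, so only the query style matters
    print("vulnerable login with injection:", login_vulnerable(setup_vulnerable_db(), payload, ""))
    conn = setup_hardened_db()
    register(conn, "alice@example.com", "correct horse battery")
    print("hardened login with injection:  ", login_hardened(conn, payload, ""))
```

The payload deliberately contains an `@` so that it passes `validate_email`; the point is that validation narrows the input but the parameterised query is what actually removes the injection, and the two checks belong together.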

Maintain your tools

At your end, keep your software up-to-date, including the Web server, its modules and the operating system underneath. Your systems need a firewall and must run anti-virus and anti-spam software. These practices reduce the chance of viruses or attacks succeeding against your systems.

Back up your Web site and all your data on another system. Denial-of-service (DoS) attacks often cannot be prevented at the perimeter, because the flood of traffic overwhelms firewalls and intrusion detection systems. Many companies therefore mirror the Web site on a separate server, ideally on separate infrastructure so that the same flood does not reach it, so that if a DoS attack takes down the primary Web site they can switch to the mirror with very little downtime and few customer complaints.

Ensure usability

If your Web site sets cookies on the user's computer, inform the user about it. Cookies are helpful for personalizing the Web site, but tracking cookies are also flagged by anti-spyware tools, and many users block cookies outright; those users would need to relax that setting in order to use your Web site.

Similarly, if your site uses pop-ups and the user's browser blocks them, inform the user so that they may temporarily disable pop-up blocking.

Enjoy the benefits

A good company Web site can raise visibility and keep customers informed. Conversely, a poorly designed and ill-maintained Web site can be a costly mistake. Follow these basic practices to avoid problems.

Enterprise Security Management


Too often, organizations deal with security threats only after they happen. These threats are handled in an ad-hoc manner, and even similar threats may be dealt with differently at different times. Without a consistent strategy, details go unrecorded and best practices are not followed.

Enterprise security management (ESM) is an approach focused on creating a security management framework, so that organizations can build up and sustain security for their systems. ESM is a holistic approach that integrates policies, guidelines, responses, and proactive as well as reactive measures for a range of risks.

ESM has a very broad outlook that pertains not only to computer security threats but also to any risks that may affect an organization's core business. This outlook may include:

  • External security threats
  • Internal sabotage or security threats
  • Failed software development or system processes
  • Deliberate or inadvertent mistakes made by employees

In practice, implementers of ESM first seek to redefine the following aspects of security:

  • How is security viewed in the organization? ESM moves the organization from a technical-centered view to a business-centered view.
  • How is security approached in the organization? An ESM approach is systematic, rather than irregular, and strategic, rather than reactive.
  • How is security performed in the organization? ESM stresses the importance of sensing and reporting over straightforward monitoring.

Then, the implementers seek to acknowledge and define the risks that an organization faces. This stage addresses the questions that follow:

  • What causes the risks?
  • Which parts of the business are affected by each risk?
  • What are the consequences?

Once the risks are well defined, implementers of ESM create a framework for the organization to manage them:

  • Manage the threats
  • Manage the impact of those threats

The goal of ESM is to achieve resiliency for the following aspects of the organization:

  1. People
    • Educate employees
    • Train employees
  2. Business Processes
    • Streamline processes
    • Use common resources for which risk analysis has already been done
  3. Information/Data
    • Provide checks for authorization and authentication
    • Restrict access to the people who need it
    • Redundancy of important data
  4. Facilities
    • May include physical security
    • Devise contingency plans
  5. Technology
    • Leveraging technology to provide solutions
    • Determining what tools can be used for defending, responding and analyzing security threats

In summary, ESM is a new area of research that aims to make security management for organizations a science, instead of the abstract and ad-hoc activity it often is today.

We will soon launch www.stop-cybercrime.co.za where we will put tons of tips, tools and solutions.
