Computer security services are an essential requirement for business nowadays. Every business in the developed world uses computers, and most of these are connected to the Internet. However, this technological revolution comes with its own set of problems concerning information security: there are threats from outside (hackers), from inside (accidental or deliberate misuse), and from natural hazards (fire, power cuts, etc.). This means that many businesses are finding it necessary, for the first time, to consider using computer security services from specialist suppliers.
There are four general kinds of security service for computers and networks. Each business owner or manager should analyse their information security needs in terms of these four areas, in order to gain a clear idea of what kind of specialist service may be needed.
• Computer security consulting services: An information security consultancy will review your organisation’s existing security arrangements (if any), and offer advice and recommendations which you will then implement. The security firm will be engaged only for a short period, and the output will be a written report, possibly also an oral presentation of the findings.
• Security management: In a longer-term arrangement, the consulting firm may also implement and manage security systems on your behalf. This could be done in two ways: either the firm will supply an interim manager for a defined period, or else you can outsource the ongoing security management to them on a part-time basis for a much longer period. In either case, your firm will benefit from specialist expertise, while at the same time avoiding the considerable costs of a full-time permanent employee.
• Security testing: From time to time there will be a need for independent testing of your firm’s information security management system. This can be done by engaging external security testing services. There are various types of testing service, as follows:
a) Penetration testing of a computer network and network devices, including wireless networks.
b) Application testing of web-based or other applications (e.g. mail servers, FTP servers, etc.).
c) PCI DSS scanning by an Approved Scanning Vendor (ASV) to demonstrate compliance with the Payment Card Industry Data Security Standard.
d) External auditing (possibly to the ISO 27001 standard for information security): this is especially important for firms that seek to be certified to an official standard.
• Vendor-specific security services: Most businesses use Microsoft Windows software, and some of these will be running Active Directory on their own servers. There are many computer security service providers who can help you get the most out of the existing security facilities in this software, in order to avoid the expense of buying other software for that purpose.