This document outlines strategies for securing a business's technology plan. It discusses assessing threats like phishing, spyware and data leakage. It recommends implementing access controls, asset protection, policies and procedures, and data protection technologies like server virtualization and online backups. The goal is to increase awareness of threats, understand pressures on IT, and implement proper protection strategies for issues like rising energy costs and resource constraints. The document provides questions and answers to help businesses develop a secure technology plan.

1. Secure Your Business!A Blueprint for a Healthy Technology Plan 2009 Presented by: Robert CioffiDirector of Technology rcioffi@pro-comp.com Copyright © 2009, Robert Cioffi, Progressive Computing Inc.

2. Installing confidencein your network We are Trusted Technology Advisors for small and mid-sized businesses throughout the NYC metro area. We design, install and maintainMicrosoft Windows based networks. We help customers who are…  Overwhelmed or confused by technology problems.  Frustrated by poor and unresponsive support.  Feeling helpless when faced with new IT challenges. www.pro-comp.com 2

4. Secure Your Business: IT Mgmt Mistakes It’s the economy, stupid! “Companies using their 2009 performance as a guide are more likely to see 2010 as another down year, perhaps even lower than 2008…” “…unlike past recessions, CIOs report that transaction and storage volumes continue to grow. This means that enterprises have to work smarter by working in new ways than working harder by doing more with less. ” Source: Gartner, The context for 2010 planning will be challenging, June 22, 2009 Pressure leads to Mistakes IT is a Cost Center Hyper focus on apps IT is not well understood If it ain’t broke, don’t fix it 4 Copyright © 2009, Robert Cioffi, Progressive Computing Inc.

5. Secure Your Business: Traditional Threats Recent Focus } Most Common F.U.D. Most Dangerous 5 Copyright © 2009, Robert Cioffi, Progressive Computing Inc.

6. Secure Your Business: Threats 2009 Specific threats affecting business… Phishing Attacks Spyware Computer Abuse Data Leakage (Accidental) Data Loss (Malicious) Theft & Loss Rising Costs & Less Resources 6 Copyright © 2009, Robert Cioffi, Progressive Computing Inc.

7. Secure Your Business: Budgets Data Protection Access Controls Risk Assessmentprovides clear direction onResource Expenditures Power Asset Protection Threat Mgmt Policies & Procedures 7 Copyright © 2009, Robert Cioffi, Progressive Computing Inc.

8. Secure Your Business: Data Protection What’s the most important part of your computer system? The Data! What’s the right way to protect my data? Traditional Innovative HYBRID 8 Copyright © 2009, Robert Cioffi, Progressive Computing Inc.

11. Versioning and quick recovery.

12. Low operating costs.9 Copyright © 2009, Robert Cioffi, Progressive Computing Inc.

14. Government regulations making it harder.

15. Microsoft acquires local power plant for datacenter.Do more with less – Virtualization? US power: Prone to failure & attack 10 Copyright © 2009, Robert Cioffi, Progressive Computing Inc.

17. Protection

18. Detection

19. Response11 Copyright © 2009, Robert Cioffi, Progressive Computing Inc.

20. Secure Your Business: Access Controls Who Has Access to What? 1. Define resources, and users; what can they access? 2. Force users to enter logon credentials to access resources. 3. Segregate data into logical areas & assign appropriate access. 4. Passwords should be hard to guess & changed periodically. 5. Educate users about dangers of social engineering. 6. Periodically check for and install software patches & updates. 7. Bio-Scan Technology: Hand readers, Retina scanners, etc. Windows Group Policy is an excellent and powerful tool for implementing centralized Logical Security on your network: desktop lockdown, password policies, application options control, and more. 12 Copyright © 2009, Robert Cioffi, Progressive Computing Inc.

22. Restrict access to sensitive equipment to relevant personnel.

23. Computer workstations can be secured to walls or furniture.

24. Laptop users should keep an “eye” on their computer at all times.

26. “Homing Pigeon” Software for lost or stolen equipment13 Copyright © 2009, Robert Cioffi, Progressive Computing Inc.

28. Should be routinely reviewed and revised.

29. Good risk assessment will drive good security policies.

31. Email signature disclaimers

32. Don’t Ask, Don’t Tell Passwords

33. Policies are platitudes rather than a decision or direction

34. Too restrictive – people bypass14 Copyright © 2009, Robert Cioffi, Progressive Computing Inc.

35. Secure Your Business! Q & A 15 Copyright © 2009, Robert Cioffi, Progressive Computing Inc.