 |
| |
Technology Feature of the Month - Business Impact Analysis and
|
| Penetration Test or Security Assessment? |
| CPR Holiday Hours |
| CPR Learning Center News |
| Upcoming Events in 2008 |
Phone Numbers: Grand
Rapids: Kalamazoo: |
Technology
Feature of the Month —
Business
Impact Analysis and
Data Center & IT Vulnerability Assessments
| How
well is your organization prepared to withstand a major catastrophe?
Or even a minor business interruption? How well are your organization’s
key assets, systems and data protected? How quickly will you be
able to resume normal business operations? These are just a handful
of questions that businesses are asking themselves. CPR’s Business Continuity Analysts, Data Center Vulnerability Experts and IT Professionals have years of experience assessing, analyzing and performing business impact analysis, data center vulnerability assessments and IT vulnerability assessments for organizations. Regulated industries and publically held companies require a rigorous approach to ensure the viability of their environment in the event of a disaster or business disruption. Whatever your organizations needs are, you can work with CPR to achieve a more secure, sound and stable business environment. |
 |
To
learn more about the Business Impact Analysis process, or Data Center
Vulnerability and IT Vulnerability Assessments our Business Continuity
Specialist has reserved the week of January 14th to meet with you.
To schedule a meeting or to simply talk to one of our business continuity
specialists click
here to complete our online survey and a member of
our Business Continuity Team will contact you. |
|
Penetration Test or Security Assessment?
Understanding the difference and
determining which one is necessary
One of the most widely misunderstood requirements from the examiners is the independent testing of your IT security policy and controls. Some businesses have IT specialists perform penetration tests. Others do security assessments. The terms get interchanged as if they were the same thing. They are not! To make it worse, prospective vendors may not understand your IT examination requirements. It can be quite confusing. But there is a big difference.
| • |
Penetration
Tests A penetration test subjects a system to (selected) real-world attacks… (It) should be combined with other monitoring to validate the effectiveness of the security process. |
 |
| • | Assessments An assessment is a study to locate security vulnerabilities and identify corrective actions. It differs from a penetration test by providing the tester with full access to the systems being tested. |
Many businesses are required to test each year. Unfortunately, selecting the correct test is like comparing "apples and oranges". There are few formal standards or guidelines for what is covered under each program making it difficult to compare one program against the other. However, there are some basic guidelines that can be used to understand the philosophies (and therefore the results).
A Penetration Test can be as simple as running automated scans against the environment, generally from outside the perimeter. This is to give you an idea as to what "the bad guys" see for your network computing environment. However only testing the perimeter can give you a false sense of your security.
| Did you know? |
|
| • |
Industry
estimates are that 80% of all network breaches/data loss originate
from within the environment, rather than from outside the firewall.
Companies that spend all of their resources securing the perimeter,
without considering the inside threat are most likely to suffer
a breach in security (and unauthorized access to customer data). |
| • | Automated network scans don't take into account all of the potential areas that may house customer data. |
A
comprehensive Security Assessment utilizes a professional look at areas
that someone with malicious intentions will look, and will attempt to
"connect the dots" to uncover vulnerable points on all areas
of the network. The Assessment Process will adapt to the changing landscape,
as "the bad guys" constantly look for ways to outwit "the
good guys" with new tricks and ways to try to gain unauthorized access
to systems and data. In this way you'll have a comprehensive understanding
of your environment, and be better able to evaluate and mitigate the risk
within your environment.
For more information on CPR's Security Assessments, click
here or call the Customer Support Center.
Holiday
Hours
CPR extends a heartfelt thank you to all of our customers this Holiday Season. We appreciate your friendship, your loyalty, your commitment to local services, and your business. We look forward to serving you in 2008.
CPR will be closed during these Holiday
Hours:
Christmas Day, Tuesday,
December 25th
New Year’s Day, Tuesday,
January 1st
Special Training Offers
Planning
Successful Events at CPR
The beginning of the New Year means a busy events calendar for CPR.
Our goal is to present relevant information, on timely topics. Since
January 2007, over 450 customers have attended CPR seminars. Each
attendee is asked to complete a seminar evaluation form. We use those
evaluations to measure the success and relevance of the seminar. Below
is feedback from our 450+ seminar attendees.
| Usefulness
of Information 52% Excellent 46% Good 1% Fair |
Effectiveness
of Presenters 55% Excellent 41% Good 4% Fair |
| (Statistics based on evaluations from seminars hosted between Jan 1.07 – Dec 12.07) | |
We choose our upcoming seminar topics based on feedback from our evaluations. We also recently ran a survey in the e.news to find out what types of seminars you are interested in. Based on the responses, Business Continuity and Disaster Recovery were the most requested topics. Virtualization, Storage, and Strategic IT planning tied for the second most requested topics. Plan to see all of these topics featured in upcoming seminars in 2008. We are working with our vendor partners to bring you the latest information on all emerging technologies. Watch the e.news each month to see what seminars are coming up next. If you have a suggestion on how we can improve our seminars or an idea for a new topic, please let us know. Click here to send us your thoughts.
Tell
Us What You Think
If there's
something you'd like to see in the next e.news, we'd like to know. Click
on the following link to send us your suggestions:
info@cprgr.com.
CPR Contact Information