Professional Risk Management
A Basic Requirement for Security Administration
Professional risk management is a basic requirement for security administration. It is not a nice-to-have luxury. However, many IT technicians and engineers take shortcuts to make their job easier or to cut costs. Others lack understanding or don’t do the necessary deep-dive research on how to build secure networks.
To help you understand security administration, we look at Microsoft’s 10 Immutable Laws, and share our insights on each one.
“Security isn’t about risk avoidance; it’s about risk management.”
Microsoft’s 10 Immutable Laws of Security Administration: Law #9
From time to time, we assess networks managed by other companies, through our professional risk management audit service. For instance, a business contacts us after a security breach. Sometimes this is the result of an insurance claim, or it is at the owner’s request. Probably most of the networks were considered “secure”, right up until the day they were hacked.
Certainly, in all cases, the breaches could have been prevented by professional risk management. However, it is impossible to manage what you don’t monitor.
In short, comprehensive monitoring is not a “nice to have” feature. Most importantly, this is a critical part of proactive system management. Consequently, do your due diligence. Check that your IT company is providing comprehensive monitoring. If not, you are putting your business at risk.
Therefore, if you would like a second opinion about the security of your business IT, contact us.