Evaluating IT Security Options

NETWORK BOX WHITE PAPER
Evaluating IT Security Options

CONTENT
Issues for IT Managers...................1 Issues for IT Managers
How Important is IT Security?....2 Assessing IT security claims - especially in the all-important area of
What Makes Good IT Security?..5 perimeter security - is difficult at the best of times. Vendors in this
area often exaggerate their offerings (sometimes spectacularly!).

Gateway Anti-Virus........................7 It can be very difficult to compare products side-by-side.

Spam Filtering..................................9 And compounding this problem is the lack of clarity in the terms
that are used. It's almost impossible to make rational comparisons VPN Termination..........................10 between the different offerings available.Internet Content Filtering..........11 This white paper has been written for IT managers who aren't security Intrusion Detection.....................12 specialists, but who want to make good decisions about IT security.Integration......................................13 You won't find any references to specific vendors or specific products
Management..................................14 in here: this is not about promoting one specific solution. However it should assist the reader in evaluating one type of solution in preference In-house or Outsource...............15 to another.Evaluating Managed Security Providers........................................16 Specifically, this paper is about giving you the tools for evaluating Summary.........................................19 your options and making good decisions rather than what the correct answers may be.Is That It?........................................19SEPTEMBER 2005 Individual network and security administrators will need No part of this publication including text, to be able to make judgements based on which technology examples, or illustrations may be reproduced, and services platforms will effectively support and secure transmitted, or translated in any form or by their business requirements or organisational operations.any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Network Box Corporation Limited.
Network Box Australia Pty LtdSuite 9, 1020 Doncaster Road, East Doncaster 3109 Melbourne, AustraliaTelephone: +61388410000 Fax: +61388410088 www.network-box.com.au
NETWORK BOX AUSTRALIA PTY LTD, SUITE 9, 1020 DONCASTER ROAD, EAST DONCASTER 3109, MELBOURNE, AUSTRALIA
1
TELEPHONE: + 61388410000 FAX: +61388410088 www.network-box.com.auNETWORK BOX WHITE PAPER
How Important is IT Security?
It's often assumed (and always proclaimed by IT security vendors) that the correct answer is "extremely". Realistically, it isn't.
The truth is, it depends on what you're trying to protect or mitigate. Just as banks The right level of spend more money on physical security than milk bars, so the right level of IT IT security for your organisation depends on security for your organisation depends on the value of what you are protecting the value of what you and the usage risks you are required to mitigate.are protecting and the usage risks you are To assess what constitutes a sensible level of protection, you need to consider required to mitigate. three things:

The value of what you are protecting?
The likelihood of you having a problem?
The things you can't replace?

?
What are you protecting?
Here are some important things to consider.


The bulk of your physical IT assets aren't under threat: that's a


question for physical security. But your con?dential information


and IP are, and the value of these varies dramatically from



business to business. Consider, for example, the impact on your


business if your
accounts receivable data were altered, if your



customer contact details were stolen, or if tender documents



were accessed without your permission.
The cost of bandwidth, often consumed by hackers (and sometimes by staff!) in very large quantities, is commonly overlooked.

... [download for more]