Scopes of management for IT environment for security

If you are an IT manager, you will probably want to check out this survey by Decipher.

I find it helpful because it provides one with the scopes of considerations required for managing an IT environment with regard to information security.

Here are the scopes:

1. Categories of IT tasks within an environment.
  • General System Admin
  • Network administration or management
  • Security
  • End User/help desk
  • Development/Programming
  • Database Admin/management

2. Internet applications, technologies or services to be concerned with.
  • Instant messaging
    • Public instant messaging (e.g., AIM, Yahoo, MSN, GoogleTalk, Skype, ICQ)
    • Internet or Web-based chat (e.g., IRC, Meebo)
    • Enterprise IM and Unified Communications (e.g., Microsoft LCS, Jabber, IBM Sametime)

  • Media
    • Streaming audio or video services (e.g., Windows Media, QuickTime)
    • Subscription media (e.g., RSS, podcasting)
    • IPTV (e.g., Joost or Veoh)
    • Wikis or Blogging (e.g., LiveJournal, Blogspot)

  • File Sharing
    • Remote synchronization applications (e.g., Plaxo, GoToMyPc, Timbuktu)
    • Music/video file sharing (e.g., Kazaa, Limewire, Grokster, BitTorrent)

  • Collaboration
    • Web conferencing (e.g., WebEx, PlaceWare, RainDance)
    • Collaborative work applications (e.g., Groove)
    • Social Networking Sites (e.g., MySpace, Facebook, LinkedIn, and others)
    • Webware/Web-based applications and services (e.g., Delicious, Twitter, BackPack)

  • Internet Telephony
    • Personal/client-based telephony (e.g., Skype or Vonage)
    • Enterprise/server-based telephony

  • Others
    • Web-based mail (e.g., via Yahoo, Hotmail, Google)
    • Anonymizers and proxy servers (e.g., Tor, Ghostsurf)
    • Google desktop
    • Browser plug-ins

3. Have any of the incidents listed below occurred at your company within the last six months?
  • Viruses, trojans, worms
  • Spyware and adware
  • Rootkits or similar hidden applications
  • Bots and Botnets
  • Other malware (keyloggers, dialers, etc.)
4. Security-related activities
  • Maintenance of network security hardware and software
  • Maintenance of end-user computer hardware/software
  • Federal or corporate archiving and storage requirements (e.g., of emails or IM logs)
  • Education of end-users about security-related issues
  • Development of corporate security policies
5. Whether the IT group has guidelines and procedures for archiving, storing and producing certain company communications, like email, chat or IM records, and whether the organization's attorneys or legal counsel have ever provided guidance or instructions about requirements for storing and archiving such communications.

6. Methods used by your organization to control and secure IM communications made by employees.
  • IM proxy servers
  • Firewalls
  • Intrusion Prevention Systems (IPS)
  • Desktop software/personal firewalls
  • Desktop lockdown
7. Considerations for end-users:
  • Most end-users are aware of corporate Internet usage policies?
  • End-users are regularly trained on how to keep their computers secure from threats?
  • Most end-users comply with corporate Internet usage policies?
  • Management is aware of federal regulations that govern our archiving/storage requirements?
  • We cannot prevent end-users from using IM or P2P applications?
8. IM Pros and Cons:
  • IM and P2P are extremely risky for my company's network security?
  • The advantages of IM and P2P outweigh the risks?
  • We have effective methods to monitor IM or P2P traffic on our network?
  • We have effective methods to block/filter IM or P2P traffic on our network?
  • We have all the tools we need to be in compliance with federal regulations governing archiving and storage?
  • We cannot keep up with all the spyware and adware applications that are out there. It is too hard to stay abreast of the latest threats?
  • My colleagues and I receive sufficient training to be up-to-speed on security-related issues?
Also, check out SonicWall and ACA Pacific distributions of Kace, Consentry and FaceTime.

Pay attention to Kace, provider of KBox, system management appliances.

KBox is intended to solve an old problem, and it is based on a client-server architecture. Its main purpose is to control users, and it takes the following problems off IT management's hands:
  • Complexity
  • Security
  • Productivity
  • Compliance
  • Speed
  • Efficiency
It has two products:
  • KBox 2000 Series Systems - Deployment appliances.
    Essentially, this is a system imaging and deployment tool for Windows and Linux systems. It provides the following functions & features:
    • Inventory
    • Scripted Installation
    • K-Imaging
    • KPE
    • Remote Systems Recovery
    • Pre & Post Processing
    • Application Slipstreaming
    • Integrated Reporting
    • Centralized Deployment Library
    • 100% Agentless

  • KBox 1000 Series Systems - Management appliances.
    Essentially, this is a tool focused on your day-to-day systems management and security needs.
    • Hardware & software inventory
    • Software distribution
    • Patch Management
    • Asset Management
    • Scripting Configuration
    • Security Audit & Enforcement
    • Reporting & Dashboards
    • Help Desk & User Portal
    • Alerting & Remote Control
According to Greg Lipper (Managing Director of Kace APAC), KBox is unique in Asia because non-box IT management products & services don't get the work done, due to the following factors:
  • Cost
  • Implementation problem
  • Support requirements
By putting everything into a box, those three factors that prohibit adoption are eliminated quickly. It also promises the following:
  • Easy to use
  • Total solution
  • Satisfaction guarantee
In other words, KBox helps to save costs for your IT management. It is built on open source technologies such as Apache, MySQL and BSD (OS). It also has the capability to perform self system tuning.

However, it is not perfect per se. Thus, it is targeting companies who cannot afford a big team of IT personnel and do not have complex and evolving IT infrastructure requirements. According to Greg Lipper, these companies fall under the category of "Fortune 100,000."