For starters, companies need to protect the data that they receive from their customers and also their own. Companies must set policy’s to have a set of guidelines to follow by in order to keep procedures straight and also for the employees to follow. Also companies need to have and abide by intellectual property.
After my risk assessment user passwords are not part of the intellectual property laws. Now for server patches licensing would have to be valid for any of our ...view middle of the document...
So customers hosting their information with us stays on their system and not copied to or given to another customer for cash. All technicians have been certified in each of the major vendors such as Microsoft, Cisco, Sonic Wall, and VMware.
In our datacenter we have to keep all customers data safe and not able to fall in the wrong hands because my company could get sued for not having the proper security for their systems. All of the customers equipment is locked up separated and segregated from our internal network. We hire a third party to do security audit to help keep up with the security precautions.
IT Asset Description | Seven Domains of Typical IT | Privacy Data Impact | Assessment[Critical-Major-Minor] |
User Passwords | Workstation Domain | User and company Data | Major |
Server patches an security | Lan domain | Company data | Major |
Cisco ASA (Old users and ACL on our Ip lists.) | Lan to WAN domain | Company | Major |
Remote users security | Remote access domain | User/ Company data | Major |
Webserver (Updates and services not needed) | System/application Domain | Company | Minor |
RDP Servers Security | System/application Domain | Company | Major |
IT security to Datacenter | User domain | Company | Major |
HIPAA compliance | User domain | Company / Customer Data | Critical |