Firewalls

There are two main reasons why some companies are hesitant to plug into the Internet.

  1. They know they’ll be exposing their company data to outside attacks from malicious individuals and malware.
  2. They fear their employees might get too many distractions: games, porn, chats, videos, and even social networking sites.

One vital component for your overall security strategy against such concerns? A firewall.

A firewall can block unauthorised access to certain Internet services from inside your organisation as well as prevent unauthenticated access from the outside. It is also used to monitor users’ activities while they were online.

In an enterprise setting, one may expect a collection of firewalls either for providing layered protection or segmenting off different units in the organisation. Some areas only need a standard line of defence while others require more restrictions. As such, certain firewalls may have different configurations compared to others.

Naturally, the more intricate an organisation’s defence requirements get, the more complex the task of monitoring, testing and configuring the firewalls becomes. That’s why we’re here to help.

  • We’ll evaluate your network as well as the security requirements of each department under your organisation to determine which firewall architecture is most suitable.
  • To achieve maximum efficiency, we’ll point out where each firewall should be positioned.
  • We’ll work with your key personnel to make sure all firewall configurations are set and optimised with your business rules in mind.
  • If a large number of firewalls are required, we’ll help you set up a firewall configuration management system.
  • Firewalls should be regularly tested and assessed to ensure they are in line with the organisation’s security policies. We’ll perform these routine tasks as well.

Firewalls aren’t very good at defending against sophisticated viruses. There are much better solutions for malware-related vulnerabilities, and we can help you in that regard too.

Other defences we’re capable of putting up include:

Check our similar posts

How To Get Started with your IT Compliance Efforts for SOX

There’s no question about it. For many of you top executives in the corporate world, all roads leading to a brighter future have to go through SOX compliance. And because the business processes that contribute to financial reporting (the crux of the Sarbanes-Oxley Act) are now highly reliant on IT systems, it is important to focus a good part of your attention there.

It is a long and arduous path to IT compliance, so if you don’t want your company to fall by the wayside due to inefficient utilisation of resources, it is important to set out with a plan on hand. What we have here are some vital information that will guide you in putting together a sound plan for SOX compliance of your company?s IT systems.

Why focus on IT systems for SOX compliance?

We’ll get to that. But first, let’s take up the specific portions of the Sarbanes-Oxley Act that affect information technology. These portions can be found in Section 302 and Section 404 of the act.

In simplified form, Section 302 grants the SEC (Securities and Exchange Commission) authority to come up with rules requiring you, CEOs and CFOs, to certify in each annual or quarterly financial report the following:

  • that you have reviewed the report;
  • that based on your knowledge, the report does not contain anything or leave out anything that would render it misleading;
  • that based on your knowledge, all financial information in the report fairly represent the financial conditions of the company;
  • that you are responsible for establishing internal controls over financial reporting; and
  • that you have assessed the effectiveness of the internal controls.

Similarly, Section 404, stated in simplified form, allows the SEC to come up with rules requiring you, CEOs and CFOs, to add an internal control report to each annual financial report stating that you are responsible for establishing internal controls over financial reporting.

You are also required to assess the effectiveness of those controls and to have a public accounting firm to attest to your assessment based upon standards adopted by the Public Company Accounting Oversight Board (PCAOB).

While there is no mention of IT systems, IT systems now play a significant role in financial reporting. Practically all of the data you need for your financial reports are stored, retrieved and processed on IT systems, so you really have to include them in your SOX compliance initiatives and establish controls on them.

Now that that’s settled, your next question could very well be: How do you know what controls to install and whether those controls are already sufficient to achieve compliance?

Finding a suitable guide for IT compliance

The two bodies responsible for setting rules and standards dealing with SOX, SEC and PCAOB, point to a well-established control framework for guidance – COSO. This framework was drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and is the most widely accepted control framework in the business world.

However, while COSO is a tested and proven framework, it is more suitable for general controls. What we recommend is a widely-used control framework that aligns well with COSO but also caters to the more technical features and issues that come with IT systems.

Taking into consideration those qualifiers, we recommend COBIT. COBIT features a well thought out collection of IT-related control objectives grouped into four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The document also includes maturity models, performance goals and metrics, and activity goals.

A few examples of COBIt’s detailed control objectives are:

DS4.2 – IT Continuity Plans
DS4.9 – Offsite Backup Storage
DS5.4 – User Account Management
DS5.8 – Cryptographic Key Management
DS5.10 – Network Security
DS5.11 – Exchange of Sensitive Data

By those titles alone, you can see that the framework is specifically designed for IT. But the document is quite extensive and, chances are, you won’t need all of the items detailed there. Furthermore, don’t expect COBIT to specify a control solution controls for every control objective. For example, throughout the control objective DS4 (Ensure Continuous Service), you won’t find any mention of virtualisation, which is common in any modern business continuity solution.

Basically, COBIT will tell you what you need to attain in order to achieve effective governance, management and control, but you’ll have to pick the solution best suited to reach that level of attainment.

Articles highly relevant to the one you just read:

Month End Accounting The Way It Should Be Today
Spreadsheet Woes ? Burden in SOX Compliance and Other Regulations
Spreadsheet Woes ? Limited Features For Easy Adoption of a Control Framework
How Internal Auditors Can Win The War Against Spreadsheet Fraud

EU Energy Efficiency Directive & UK?s ESOS

In 2012 the European Union passed its EU Energy Efficiency Directive (EED) into law. This aims to reduce overall energy consumption by 20% by 2020. It placed an obligation on member states to pass back-to-back local legislation by June 2014.

EED Guidelines

The EED provides specific guidelines it expects member nations to address. The list is long and here are a few excerpts from it:

  • Large companies must use energy audits to identify ways to cut their energy consumption
  • Small and medium companies must be incentivised to voluntarily take similar steps
  • Public sector bodies must purchase energy-efficient buildings, products and services
  • Private energy-consumers must be empowered with information to help manage demand
  • Energy distributors / resellers must cut their own consumption by 1.5% annually
  • Legislators are free to substitute green building technology e.g. through better insulation
  • Every year, European governments must audit 3% of the buildings they own

Definition of Energy Audit

An energy-consumption audit is a question of measuring demand throughout a supply grid, with particular attention to individual modules and high demand equipment. While this could be an exercise repeated every four years to satisfy ESOS, it makes more sense to incorporate it into the monthly energy billing cycle.

Because energy use is not consistent but varies according to production cycle, this can produce reams of printouts designed to frustrate busy managers. ecoVaro offers an inexpensive, cloud-based analytic service that effortlessly accepts client data and returns it in the form of high-level graphic summaries.

Potential ESOS Beneficiaries

As many as 9,000 UK companies are obligated to do energy audits because they employ more than 250 employees, have a balance sheet total over ?36.5m or an annual turnover in excess of ?42m. Any smaller enterprise that finds energy a significant input cost, should also consider enlisting Ecovaro to help it to:

  • Obtain a better understanding of the energy side of their business
  • Achieve energy savings and share in a estimated ?3bn bonanza to 2030
  • Reduce carbon emissions to help meet their CRC commitments

More About ecoVaro

We offer web-based energy management software that helps you measure and manage energy costs. This strips data from your meters and generates personalised reports on a dashboard you control. This information helps you accurately zoom in on worthwhile opportunities. With Ecovaro on your side, ESOS truly becomes an Energy Saving OPPORTUNITY Scheme.

Enhance and Streamline IT Processes

You can’t be assured of a competitive advantage by just buying the latest technology. Your top competitor can easily match that feat by simply spending as much on the same tools. To be always at least a step ahead, you’ll need to perform tweaks on your IT processes aligned with the strengths of your organisation.

IT solutions are like a pair of sneakers. If they fit perfectly, they’ll help you run the extra mile. If they don’t, you can develop blisters faster than you can reach a single mile.

In all our efforts to enhance and streamline your IT processes, we’ll start by looking at all your logistical advantages, limitations, and objectives to determine which technologies suit you best. Once we’ve obtained them, we’ll perform the appropriate customisation to make them perform optimally under the conditions unique to your organisation.

Below are just some of the enhancements we can apply to your organisation:

  • Put up application and systems monitoring to identify bottlenecks and underutilised resources in your IT infrastructure.
  • Propose areas where you can plough back the generated savings to further improve your ROI.
  • Take scalability into consideration when pushing for certain IT investments to ensure that the IT solution will work for your organisation not only today but even as your organisation grows.
  • Introduce mobile-capable enterprise-class IT solutions that allow seamless collaboration between team members working at different locations on the globe so that pressing matters can be resolved and decisions can be arrived at as quickly as possible.
  • Integrate Business Intelligence into your IT system so that massive collections of data can be processed into insightful information which managers can draw on to make intuitive decisions.
  • Introduce avant-garde solutions, like virtualisation and infrastructure sharing, which may require large scale changes but can also significantly reduce operational costs.

Find out how we can increase your efficiency even more:

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today