BATTLECARD Who manages your Information Security Program?


Ask your customers these questions.


Do you test the resiliency of your enterprise to outsider attack often enough? Have you recently assessed your organization's overall compliance with HIPAA, PCI, GLBA, SOX, FISMA? Do you test your critical applications for exploitable vulnerabilities often enough? Do you have a documented and managed Information Security Program? Do you have a documented IT Security Risk Governance Program?


Do your organization and employees have basic security awareness and knowledge about emerging and potential cyber security threats (malware, phishing, and social engineering)? Do you perform active penetration testing on your wireless infrastructure? What would be the impact to your organization if a breach were to occur? Can you guarantee unauthorized users cannot gain access to your critical data? Do you have a named owner for IT Security Risk? Do your organizational structure, policies, and procedures effectively address your threats? Do you have a way to measure and assess risk? Do you prioritize how you manage this risk and review your progress frequently? Do your employees know how to recognize a well-crafted phishing email from a legitimate one? Do they know how to respond?


If you answer no to any of these questions, your critical data may be at risk!


What should you do?


Active penetration testing or ethical hacking is crucial to determine where you are vulnerable and what vulnerabilities can be exploited by the bad guys.


HIPAA Security Gap Analysis, PCI Security Gap Analysis, and Organization and Policy Assessments will help you identify and manage your critical risks.


Active Application Security Testing is critical to ensure your applications are not susceptible to exploitation. Secure code review will verify that your application software is safe and secure.


Organizing to actively manage your people, process, and technology is critical to a healthy security program. It addresses the rules for protecting your critical data, and the policies and procedures for how you will detect security events and mitigate the risks posed by these events.


Defining and documenting a Risk Register to manage enumeration, criticality, and priority of risks helps keep you focused on keeping critical data safe from compromise or exfiltration.


Establishing an effective security awareness program is paramount to managing security risk. Employees are the weakest link in the security chain and insider threats are real. Security education awareness is key!


How will PC Connection help you bring your risk to an acceptable level?


Yes, we will help! We check for weaknesses in external services, authentication, IP and email spoofing, exposed applications, databases, etc. We identify if your critical services are exploitable, validate compliance, and offer Managed Services. We check for SQL injection, buffer overflow, cross-site scripting (XSS), session hijacking, and code weaknesses.


We assist you in writing procedures and policies that address how to operate your business safely and securely, and we make sure your policies are enforceable. Your detection and reaction policies should be based on "WHEN," not "IF."


We work with you to establish a Risk Governance Program and Committee. This will ensure effective process and oversight to manage your risk.


We review your policies, and then teach your employees about pretexting, phishing, malware, and what to do if they think their systems are compromised.


When you find an opportunity, offer to connect your customer with our experts. Engage all your great resources, like TSS, BDM, Solutions Architects, and Professional Services.


INTERNAL USE ONLY #8277 0315 37

