Security Challenges

We build genuine partnerships with our clients

Inadequate Content Security

IT security is not just about policing an organisation's perimeter defences and monitoring traffic coming into the organisation's systems from outside, but also about keeping an eye on material leaving the network. A failure to put strong content security systems and policies in place, to prevent inappropriate email and internet use by employees, or to restrict the extent to which contaminated material or executables can circulate within a network, could lead to serious operational, financial or reputational damage.

Forensic investigations by Context have uncovered a wide range of illicit staff activity, made possible by a lack of content security controls at the desktop and within internal networks. At the less harmful end, this has involved staff viewing or downloading pornographic content from the internet. More serious incidents have involved employees selling client data to competitor organisations, leaking confidential material to the press, using company equipment to run their own businesses, and involvement in criminal activity.

Poor content security can also increase the chances of systems falling victim to a virus or Trojan attack, particularly in combination with a failure to devise or enforce guidelines for the use of mobile equipment. Even if the network's external defences are sound, a lack of content security at the desktop could allow contaminated material downloaded onto a mobile device or laptop to spread onto the corporate network when those devices are connected to it. For example, forensic investigations traced outbreaks of the Sasser virus within a corporate network back to a single infected laptop.

It is important that regularly updated content filtering and multi-software anti-virus and anti-spam solutions are implemented at the desktop as well as at the network gateway to guard against these threats. Context has many years of experience providing independent advice on the design, selection and implementation of content security solutions. We also offer forensic investigation and testing services designed to help clients discover whether a breach of acceptable use policy is indicative of a larger problem, and to help ensure that system filtering and monitoring are stringent enough to prevent the wrong material passing out of the organisation.

See our e-Crime and penetration testing pages for more details.

How we can help

We are an independent security consultancy, specialising in both technical security and information assurance services.

Get in touch with us

CAT

Our new flagship
tool CAT is perfect
for identifying application
security vulnerabilities.

More about CAT

 

Website Design : Design by Structure.