Internet New Business Security Assessment: Protect Your Business with a Cybersecurity Assessment

Cybersecurity is critical to keeping your business healthy and safe. Chances are, a significant portion of your business makes use of some online technology, from responding to emails and researching potential clients to working with colleagues and sharing important business data in the cloud. You have likely already done the work to secure your business and deployed the appropriate antivirus software and other security measures. But when was the last time you ordered a comprehensive cybersecurity assessment?


A crucial time to conduct a cybersecurity assessment is before making any major change to your network setup. Some businesses assume that because they have never (knowingly) experienced a data breach, they are doing everything right and don’t need an assessment. Because healthy organizations are constantly growing and evolving, past experiences are not a reliable indicator of current or future risk.


Risk assessments examine all business technologies in use and are meant to reveal any possible vulnerabilities. The goal is to provide your business with an itemized plan that addresses all assessed risks. With this assessment done and a plan in place, you will have the best tools you need to build a stronger, better-protected, and more resilient business and business network.



Conducting an Asset Inventory

As your business scales up, so too will your network. When network expansion occurs, it is more important than ever to keep track of all of your IT assets. That is why conducting an inventory of IT assets is usually the first step in any cybersecurity assessment.


Asset inventories include looking at all devices capable of handling and securing data. This includes local hardware items such as desktop computers, mobile devices, servers, and firewalls. Be sure not to overlook external assets as well. These would include such things as off-site servers and cloud providers.


Depending on the scope of your assessment, you may also want to include other assets like employees, office equipment, data, buildings, physical security, and more.


Evaluating the Threats

The second portion of a cybersecurity assessment is an evaluation of your business and network systems for any current and potential security threats:


  • Business activities and assets — Your business operation can reveal specific threats. One example would be a large amount of staff travel possibly creating additional risk for data loss due to unsecured devices.


  • Industry-specific risks — Your network or business data may be vulnerable to specific threats because of the type of business you are in. For instance, if your focus is on government-regulated projects or health-related data that rely on large network systems, there may be points within your operation that are particularly vulnerable to cyberattacks.


  • Natural threats — Where your business is located matters. The location and size of your facilities may determine the frequency or types of natural threats (floods, fires, tornados, etc.) that could impact your business negatively.


  • Digital crime — Industry reports and news on cybercrime coming from a specific region or customer base may help determine the types of scams and hacks that may put your network at risk and harm sensitive business data.


Checking Your System For Vulnerabilities

Where are the weak spots in your business or system? Any system vulnerabilities could end up becoming exploited or compromised by others. Have a penetration test conducted in which a series of breach attempts test your network for vulnerabilities. There are different penetration testing techniques depending on your business’s own specific goals and structure. Simulated attacks narrow down where system vulnerabilities may lie, how long it might take to break into a system and what assets are exposed. A good penetration test can also calculate how long it takes for a system to recover following an attack.


In addition to penetration testing, you should examine related network assets for vulnerabilities. Internal factors, such as current or former employees, operating systems, patches, and firmware may all be relevant.


Addressing Regulatory Compliance Requirements

Some industries, such as healthcare and finance, have specific regulations and compliance obligations that they must meet. Failing to address these requirements adequately can result in serious legal repercussions and financial penalties. While not usually included in most cybersecurity assessments, the state of your compliance may come up when looking at system vulnerabilities. Remember to make sure regulatory compliance is a consideration if your business requires it.


Consider: if you are a healthcare organization that fails to use HIPAA-compliant data handling procedures and policies to protect customer records and communications, this security vulnerability would result in a compliance violation that could end up with your business being heavily fined or even shut down.


Should your business be subject to a lot of industry regulations or compliance laws, include a compliance audit with your security assessment. A compliance audit will do a comprehensive survey of your operation to ensure that you are not missing anything vital.



Time To Take Action

At the conclusion of your cybersecurity assessment, you should receive a complete report. This will summarize and break down the assessment results of your operation, including your reviewed assets, likely threats, current system vulnerabilities, and how you stand with regulation and compliance requirements. Your final report should also address any discovered weaknesses, and produce a plan for your prioritized goals.


Mind you, conducting a cybersecurity assessment is not just a lone task you check off your to-do list. Once completed, you will have to make use of the expert guidance and specific recommendations regarding adjustments to your network, policies, and procedures in order to resolve whatever issues may have come up.


It shouldn’t end there. It will be important to repeat this evaluation regularly to make sure your business keeps ahead of ever-evolving threats or newly-exposed vulnerabilities to your overall system. Conducting an initial assessment provides you with a good idea of what could make your business vulnerable. You should consider this first assessment as a jumping-off point for creating a plan for responding to incidents and to continue monitoring your situation.


You may wish to hire experienced cybersecurity experts to help you through the process to get the best advice and results.



Translated from: https://medium.com/swlh/protect-your-business-with-a-cybersecurity-assessment-239c4154f999
