This title is one of those that seem very simple, yet cover a complex group of skills and activities. In very simple terms, security consultants provide advice and guidance to ensure the IT systems of a company are as secure as possible against a range of possible threats. Effective security consultancy depends on how well the consultant can combine expertise in those skills with the experience to ensure all activities are robust against possible threats.
What specific aspects will a security consultant consider?
- Hardware and configuration
- Network and connections
- Known threats, and potential weaknesses
Hardware and Configuration
The hardware being used by a company can have a significant effect on security, especially if it is performing close to, or beyond, its designed capacity. A consultant must have an awareness of each element of the hardware, and of how it could pose a risk if stressed. How does the unit react if overloaded? “Distributed Denial of Service” attacks are not uncommon, and partly rely on pushing hardware beyond its limits. Are there measuring sensors in use, giving warning if a hardware unit is unexpectedly loaded? What other sensors are used to guard the equipment, such as motion-detecting cameras or audio detectors?
Temperature sensors can indicate high load. Is there redundancy built in to ensure critical systems remain active despite catastrophe? A consultant must have a clear idea of the nature of the company’s activities to best advise what equipment is essential, and what is desirable if resources permit.
Network and Connections
A single battery-powered computer in a locked room, with no external connections, is very secure against network threats. However, it cannot offer any of the power of online connection, so some kind of connection, or network, is essential for most businesses. Sadly, that connection can prove a security nightmare.
As with hardware, the key requirement of an effective security consultant is awareness of the needs of the company. The key question is whether the company needs to connect to the internet. If not, a private network can be a wise choice, prohibiting any external connectivity. If an internet connection is required, how does the company allow general users to connect inwards, whilst protecting security? Many companies, especially ones dealing with customer information or finance, will have hybrid networks with some sections open to public access, whilst other sections remain confidential. Setting the security of these is particularly important.
Most, if not all, of a company’s technological equipment will use software to achieve results. If this software is not up-to-date and correctly installed, it can provide a great weakness for a potential hacker to exploit. A security consultant must, therefore, be very informed about what current software can do, and what its weaknesses are.
“Black hat” hackers, out to malevolently invade a system, will be quick to exploit weaknesses, so a good security consultant needs to be aware of potential and actual vulnerabilities, and how to protect against them being used. Sometimes this may involve using “white hat” hackers, who test for weaknesses using techniques similar to those of malevolent operators, to highlight where defence is needed.
The people who work in a company are often its greatest asset, but can also pose one of the biggest dangers. A security consultant can provide advice and guidance about protocols used by employees, training in security observance, and help with recruiting suitably secure individuals.
Known Threats and Potential Weaknesses
One of the most important ways a security consultant can help a company is to provide advance warning of, and defence against, forthcoming threats.
To summarise, the most important ability of a good security consultant is their awareness of the totality of a company’s actions, so that they can prepare the company against potential threats before they become actual. Why not talk to us – 6S Global – for expert advice?