MELBOURNE IT ENTERPRISE SERVICES CHECKLIST: ONLINE SECURITY STRATEGY KEY CONSIDERATIONS


Cyber threats continue to rapidly evolve in frequency and sophistication, posing a constant and serious threat to business organisations that have an online presence. In order to maintain an effective defense against these growing threats, a company needs to ensure that its online security strategy accounts for a wide range of key considerations in order to prove flexible, scalable and reliable in the long run.

This checklist has been designed to help you assess your approach towards online security and identify if there are any areas of your strategy that require re-evaluation. After reading through the questions posed by this checklist you should have a firm grasp of how comprehensive your security strategy is, whether it is ready for implementation and those gaps that need to be filled.

IDENTIFYING KNOWN THREATS AND THEIR IMPACT

Use the following questions to assess whether you are sufficiently aware of the current threat landscape to develop a comprehensive multi-layered online security strategy:

Are you aware of the increasing frequency and severity of DoS/DDoS attacks?

Is your business prepared for the loss of revenue caused by DDoS downtime?

Are you aware of the impact of a successful DDoS attack on departments other than IT? Do you know how sales/marketing/PR/logistics/customer service will be affected by prolonged periods of downtime?

Are you familiar with Economic DDoS attacks specifically designed to incur massive bandwidth usage costs?

Are you aware of the rapidly evolving sophistication of attacks that utilise SQL Injection, Remote File Inclusion and Local File Inclusion to access sensitive data and then steal or delete it?

Are you familiar with attacks that compromise the DNS in order for hackers to redirect legitimate traffic and send it to sites for fraud and/or propaganda purposes?

Are you aware of the long-lasting repercussions of successful data theft attacks that can permanently harm an organisation’s reputational standing?


CONSTRUCTING AN EFFECTIVE SECURITY SOLUTION

The following questions will help determine whether your current security solution is sufficiently robust and proactive to adequately protect your business:

Does your business rely purely on in-house defenses such as firewalls and routers?

Did you know that amplification and redirection attacks can easily circumvent such traditional defenses?

Are you aware of the need for multi-layered web security to protect you at the network and web application levels?

Are you familiar with the varying levels of effectiveness of devices that represent a single point of failure versus cloud-based services that live outside your data centre and secure traffic before it reaches your infrastructure?

Does your security strategy include provisions for scalable bandwidth usage in order to keep your servers running during a severe DDoS attack?

Does your proposed security solution include threat detection and monitoring tools that inspect your organisation’s web applications for potential vulnerabilities?

Are you aware of both the benefits and limitations of front-end applications protected by a WAF?

If you are utilising a WAF, is it managed in-house or by a service provider who can input WAF rules that allow situational awareness against developing threats without compromising web performance?

Have you considered making use of website protection services that utilise a Content Delivery Network (CDN) built with distributed server architecture rather than a single point of failure?

Are you practising good internet hygiene as part of your long-term security strategy, i.e. are you writing applications with secure code, defining secure configurations and keeping your software up to date by installing the latest security patches?


AVAILABILITY

Availability is a vital consideration when developing a security solution as it cannot defend your data infrastructure if it remains inactive at the time of an attack. Vital questions to consider:

Is your online security solution “always-on” or “on demand”?

Have you carefully considered the various benefits and drawbacks of both systems regarding affordability, performance and security?

Is your chosen system available to adequately protect your organisation’s online assets in the event of a cyber attack?

Have you considered the cost of a cleanup after successful attacks versus the ongoing expense of making your security solution available to protect against them?

TOTAL COST OF OWNERSHIP

Online security represents an ongoing investment, the costs of which need to be properly accounted for. Use the following questions to understand the TCO of your business’ online security:

Do you have a comprehensive grasp of the TCO of your online security solution?

Does the TCO include the physical hardware, software, cloud services and service level agreements with the provider?

Does your TCO account for the ongoing cost of the security solution’s effect on web performance?

Has it been optimised to allow for peak web performance without compromising security?

Have you factored in extreme conditions such as a dedicated Economic DDoS attack? Does your cloud service provider cap bandwidth fees to evade EDDoS?

Have you carefully considered the benefits of an “always-on” security solution compared to an “on demand” solution and weighed their respective cost factors?


CONTINUAL MONITORING AND EVOLUTION

As new cyber threats evolve, your security solution must evolve with them. Use the following questions to determine whether it is proactive enough to protect your business from future as well as current threats:

Does your online security solution offer protection against current and evolving threats?

Does the solution absorb all attack traffic before it hits your data infrastructure?

Is your solution inline and designed to automatically monitor for threats without human interface?

If using a cloud service provider, does your provider have a sufficiently large CDN to offer comprehensive coverage to all of its clients?

Are you able to detect new cyber threat patterns as they emerge and evolve? Does your cloud service provider monitor sufficient daily traffic volumes to monitor these emerging patterns and develop effective defensive techniques to counter them?

ABOUT MELBOURNE IT

Melbourne IT Enterprise Services designs, builds and manages cloud solutions for Australia’s leading enterprises. Its expert staff help solve business challenges and build cultures that enable organisations to use technology investments efficiently and improve long-term value. With more than 15 years’ experience in delivering managed outcomes to Australian enterprises, Melbourne IT has been long associated with enabling success. Its certified cloud, consulting, and security experts repeatedly deliver results. This is why many of the brands you already know and trust rely on Melbourne IT.

For more information, visit www.melbourneitenterprise.com.au


THE RIGHT SOLUTION IS MELBOURNE IT

melbourneitenterprise.com.au

1800 664 222