MELBOURNE IT ENTERPRISE SERVICES
CHECKLIST: ONLINE SECURITY STRATEGY KEY CONSIDERATIONS
MELBOURNE IT ENTERPRISE SERVICES 2
CHECKLIST:ONLINE SECURITY STRATEGY
Cyber threats continue to rapidly evolve in frequency and sophistication, posing a constant and serious threat to business organisations that have an online presence. In order to maintain an effective defense against these growing threats, a company needs to ensure that its online security strategy accounts for
a wide range of key considerations in order to prove flexible, scalable and reliable in the long run.
This checklist has been designed to help you assess your approach towards online security and identify if there are any areas
of your strategy that require re-evaluation. After reading through the questions posed by this checklist you should have a
firm grasp of how comprehensive your security strategy is, whether it is ready for implementation and those gaps that need
to be filled.
Are you aware of the increasing frequency and severity of DoS/DDoS attacks?
Is your business prepared for the loss of revenue caused by DDoS downtime?
Are you aware of the impact of a successful DDoS attack on departments other than IT? Do
you know how sales/marketing/PR/logistics/customer service will be affected by prolonged
periods of downtime?
Are you familiar with Economic DDoS attacks specifically designed to incur massive
bandwidth usage costs?
Are you aware of the rapidly evolving sophistication of attacks that utilise SQL Injection,
Remote File Inclusion and Local File Inclusion to access sensitive data and then steal or
delete it?
Are you familiar with attacks that compromise the DNS in order for hackers to redirect
legitimate traffic and send it to sites for fraud and/or propaganda purposes?
Are you aware of the long-lasting repercussions of successful data theft attacks that can
permanently harm an organisation’s reputational standing?
IDENTIFYING KNOWN THREATS AND THEIR IMPACTUse the following questions to assess whether you are sufficiently aware of the current threat
landscape to develop a comprehensive multi-layered online security strategy:
MELBOURNE IT ENTERPRISE SERVICES 3
Does your business rely purely on in-house defenses such as firewalls and routers?
Did you know that amplification and redirection attacks can easily circumnavigate such
traditional defenses?
Are you aware of the need for multi-layered web security to protect you at the network and
web application levels?
Are you familiar with the varying levels of effectiveness of devices that represent a single
point of failure versus cloud-based services that live outside your data centre and secure
traffic before it reaches your infrastructure?
Does your security strategy include provisions for scalable bandwidth usage in order to keep
your servers running during a severe DDoS attack?
Does your proposed security solution include threat detection and monitoring tools that
inspect your organisation’s web applications for potential vulnerabilities?
Are you aware of both the benefits and limitations of front-end applications protected by a
WAF?
If you are utilising a WAF, is it managed in-house or by a service provider who can input WAF
rules that allow situational awareness against developing threats without compromising web
performance?
Have you considered making use of website protection services that utilise a Content
Delivery Network (CDN) built with distributed server architecture rather than a single point of
failure?
Are you practising good internet hygiene as part of your long-term security strategy? I.e.: Are
you writing applications with secure code, defining secure configurations and keeping your
software up to date by installing the latest security patches?
CONSTRUCTING AN EFFECTIVE SECURITY SOLUTION The following questions will help determine whether your current security solution is sufficiently
robust and proactive to adequately protect your business:
CHECKLIST:ONLINE SECURITY STRATEGY
MELBOURNE IT ENTERPRISE SERVICES 4
Is your online security solution “always-on” or “on demand”?
Have you carefully considered the various benefits and drawbacks of both systems regarding
affordability, performance and security?
Is your chosen system available to adequately protect your organisation’s online assets in the
event of a cyber attack?
Have you considered the cost of a cleanup after successful attacks versus the ongoing
expense of making your security solution available to protecting against them?
AVAILABILITYAvailability is a vital consideration when developing a security solution as it cannot defend your
data infrastructure if it remains inactive at the time of an attack. Vital questions to consider:
Do you have a comprehensive grasp of the TCO of your online security solution?
Does the TCO include the physical hardware, software, cloud services and service level
agreements with the provider?
Does your TCO account for the ongoing cost of the security solution’s effect on web
performance?
Has it been optimised to allow for peak web performance without compromising security?
Have you factored in extreme conditions such as a dedicated Economic DDoS attack? Does
your cloud service provider cap bandwidth fees to evade EDDoS?
Have you carefully considered the benefits of an “always-on” security solution compared to
an “on demand” solution and weighed their respective cost factors?
TOTAL COST OF OWNERSHIPOnline security represents an ongoing investment, the costs of which need to be properly
accounted for. Use the following questions to understand the TCO of your business’ online
security:
CHECKLIST:ONLINE SECURITY STRATEGY
MELBOURNE IT ENTERPRISE SERVICES 5
Does your online security solution offer protection against current and evolving threats?
Does the solution absorb all attack traffic before it hits your data infrastructure?
Is your solution inline and designed to automatically monitor for threats without human
interface?
If using a cloud service provider, does your provider have a sufficiently large CDN to offer
comprehensive coverage to all of its clients?
Are you able to detect new cyber threat patterns as they emerge and evolve? Does your
cloud service provider monitor sufficient daily traffic volumes to monitor these emerging
patterns and develop effective defensive techniques to counter them?
CONTINUAL MONITORING AND EVOLUTIONAs new cyber threats evolve, your security solution must evolve with it. Use the following questions
to determine whether it is proactive enough to protect your business from future as well as current
threats:
ABOUT MELBOURNE IT
Melbourne IT Enterprise Services designs, builds and manages cloud solutions for Australia’s leading enterprises. Its
expert staff help solve business challenges and build cultures that enable organisations to use technology investments
efficiently and improve long-term value. With more than 15 years’ experience in delivering managed outcomes to Australian
enterprises, Melbourne IT has been long associated with enabling success. Its certified cloud, consulting, and security
experts repeatedly deliver results. This is why many of the brands you already know and trust, rely on Melbourne IT.
For more information, visit www.melbourneitenterprise.com.au
CHECKLIST:ONLINE SECURITY STRATEGY
THE RIGHT SOLUTION IS MELBOURNE ITmelbourneitenterprise.com.au
1800 664 222 [email protected]