Banking Technology Connections: May 1, 2012
May 1, 2012
Sonny Handan: On Virtualization
Our Firm recently hosted a training on "Security and Auditing a Virtualized Environment". This week-long class was attended Wolf's entire IT Assurance group as well as some of our clients.
One of the major "takeaways" which was continuously repeated during the training was that the virtual host needs to be protected at all cost. The main concept of virtualization is the ability to run multiple machines while only using a single host. Needless to say, if the main host is compromised, it is very possible to take down the client servers within that host.
Another "takeaway" called for a layered approach to security, which not only involves firewalls, IDS/IPS system and antivirus solutions, but also entails using separate virtual local networks (vlans) in order to isolate and protect virtual environments. In this instance, vlans would only be used for single purpose, e.g., Management vlan, server guest traffic vlan, backup vlan.
Other important topics discussed throughout the training included proper user access and administration, backup and disaster recovery solutions, resource management and usage, as well as monitoring, logging and alerting.
While virtualization has many advantages, it's important to be aware of the measures you should take to ensure your security is not compromised. Please feel free to contact me if you have any questions about your own virtual environment at firstname.lastname@example.org.
The first Tuesday of each month we will feature comments from our professionals on topical issues. Our first contributor is Sonny Handan who is a Senior Auditor in the IT Assurance Services group. He can be reached at email@example.com.
Interesting Articles of the Week
Did you check your machines? FBI Steps Up 'Internet Doomsday' Awareness Malware Campaign (Via @mattputvinski)
Banks Can't Afford to Be Afraid of Social Media (Via @banktech)
Fake Email Trick aims to Redirect Users to Malicious websites (Via @mbenlakhoua)
Banks May Not Be Able to Resist Bring Your Own Device (Via @banktech)
Do you have an article that you would like to share with the group? Let us know and we will add it to the list! Did you miss a newsletter? Check out past newsletters here.
Wolf & Company: Social Engineering: Security Goes Beyond Technology
(Speaker: Ryan Rodrigue)
5/11/12 (Cromwell, CT)
CT Bankers Association: IT Audit Training - Session I
(Speaker: Pat King)
5/15/12 (Waltham, MA)
ISACA / ISSA: May 2012 Joint Meeting
5/22/12 (Newport, RI)
ISACA RI: Annual Meeting and Seminar
ISACA NY: Network Audit and Security
5/23/12 (Westborough, MA)
Wolf CEO & Board University
As part of our ongoing commitment to contribute to the education of the industry's leaders, Wolf & Company is presenting our CEO & Board University Program. This timely program, originally created exclusively for our clients, is now open to the Boards of all local Community Institutions. Please pass on to whomever you feel may be interested.
6/6/12 (Saratoga Springs, NY)
NY Bankers Association: 9th Annual Technology, Compliance & Risk Management Forum
6/7/12 (Boxborough, MA)
MA Bankers Association: Bank Technology Conference
6/8/12 (Cromwell, CT)
CT Bankers Association: IT Audit Training - Session II
(Speaker: Will Nowik)
6/12/12 (Boston, MA)
ISACA NE: Annual Meeting and Full Day Training
6/15/12 (Marlborough, MA)
MA Bankers Association: Risk Managers Forums Session 2
Do you have an event that you would like to share with the group? Let us know and we will add it to the list!
Questions? Interested in learning more about Wolf's IT Assurance and Security services?
Please contact Matthew J. Putvinski, CPA, CISA, CISSP, Member of the Firm and Director of IT Assurance and Security services, at (617) 428-5479 or firstname.lastname@example.org.
If you would like to subscribe to this newsletter and receive it via email please contact Laura Lozada at email@example.com.