Who Is Qualified to Evaluate Cybersecurity Risks?

The Doctor Is In—And Qualified to Diagnose Your Cybersecurity Risks

The chest pain was concerning. Was it simply heartburn—or the onset of a minor heart attack?

At the emergency room, a team of medical experts was able to make a far more accurate and detailed diagnosis. Without these knowledgeable professionals to run a battery of tests—and interpret the results—an important medical issue would have gone unnoticed and untreated.

In the cybersecurity field, I see similar issues. To know what’s going wrong (and right) with system security, you need a checkup from someone with expertise in this area. The only way to get an accurate, reliable interpretation of your risk assessment results is from someone who knows what they’re looking at.

What’s the risk of a cybersecurity misdiagnosis?

Computer security is not typically a life-or-death situation; however, misdiagnosing risk often results in an expensive loss of data and other undesirable symptoms. 

The chance of a successful outcome is increased dramatically if the risk assessment is conducted by trained personnel, and the appropriate treatment is applied to the appropriate control at the appropriate time.

Fortunately, the HelpSystems security experts are on hand to help you with that task just as those medical experts were there for me. 

Powertech, the security arm of HelpSystems, has been facilitating Security Scans on behalf of the IBM i community for 15 years. During that time, thousands of scans have been performed using a fast, lightweight utility originally designed by two well-known IBM i security gurus, Dan Riehl and the late, great John Earl.

Numerous metrics are analyzed across seven critical configuration categories and then the scan recipient is provided with near-instantaneous insight into their state of security. For those who run additional Power OSes in their data center, we have expanded our capabilities and can also scan AIX and Linux-based servers.

Can you DIY your security assessment?

Most of the early Security Scans were performed by the customers themselves, leaving many struggling to interpret their own results. It quickly became evident that, as with a hospital X-ray or a CAT scan, this type of diagnostic tool meant less to the untrained eye.

Or worse, the reader was dangerously misinterpreting the information that was presented to them. 

It was therefore decided that the offer to scan system security would be expanded to include an optional discussion with a human expert. This evolution ensured that important questions could be asked and answered. Less obvious symptoms and conditions are also included in the diagnosis. That’s not to say folks can’t or don’t self-diagnose, but we rarely recommend it.

What happens after you get an accurate diagnosis?

One of several challenges with security on IBM i stems from the fact that after years of inattention, there’s often a lot of remediating to do. Where do we begin? Individual symptoms can be treated individually, but the best results are seen when we adopt a more holistic approach to complete server health.

Many organizations are struggling to determine the appropriate priorities, perhaps based on the perception of risk, regulatory compliance mandates, IT budgets, staff resources, internal security skills, and so on. I often see these same organizations addressing one lone vulnerability identified along with a dozen others during a Security Scan—perhaps increasing their security level or reducing the number of users with 5250 command line permissions—and then moving on to the next corporate priority.

But security is unlike projects that are performed and then deemed complete. Upgrade your operating system and it’s done. Deploy a new application and, for the most part, it’s done. In comparison, (good) security prevents exploitation and abuse of the data and server technology that the business relies upon. But we adopt new technologies over time (think BYOD, cloud, etc.), and the threats and actors that target them evolve as well.

This never-ending cycle means that security work is never truly complete. That can be intimidating and discouraging to the uninitiated.

Fortunately, HelpSystems security experts are initiated. From that initial no-charge Security Scan to the prioritization and implementation of planned remediation to ongoing optimization, we are available to ride shotgun with you on this journey. Don’t try to assess your own servers’ health. Don’t struggle to figure out what to remediate first or last. And definitely don’t feel lost or alone.

I’m happy to report everything turned out okay with my emergency room visit (no heart attack!), but the experience was eye-opening. I had access to trained personnel and I wasn’t left guessing the source of the problem or reading the lab reports and X-rays myself to decide on my own treatment.

Fortunately, your systems have access to that same level of care. HelpSystems is accepting new patients and we’re ready to assist you today!

Get Your Security Scan

Find out where your systems might be vulnerable with a free, no-obligation Security Scan from the experts at HelpSystems.