As an outsource security partner BAI provides managed security, managed firewall, managed ids, content filtering, internet security, network security, penetration testing, and vulnerability testing.

A: A typical business's IT department faces installation, hardware and software challenges every day. Keeping up with the ever-changing world of viruses, intrusions and security breeches almost impossible for a busy department. It's estimated that five to 10 million IT professionals are in this situation. They're being called on to install PCs rather than find a security patch for the latest virus.

According to the e-zine W2Knews , cyberattacks reached an all-time high in September 2002. Internet domains within the United States were the most under fire, with more than five times the number of attacks as the second leading country's domains. U.S. Web sites attacked included those for the House of Representatives, the Department of Agriculture, the Department of Education and the National Park Service, to name just a few.

If these organizations' Web sites are this easy to attack, what does that say about how easy it is to attack a company's site, a bank's site or a telecommunications site that we use in everyday business and life in general?

The recently published Draft Strategy to Secure Cyberspace from President Bush's Critical Infrastructure Board clearly states that each business or organization needs to take its own appropriate action to protect itself from the threat of attacks on its information systems. That in itself is a pretty bold mission statement, one that many IT departments, professionals and whole companies have put aside. It's not until they have an attack or a security intrusion that they take this statement more seriously.

The recommended action includes audition systems to find vulnerabilities, updating systems where security is in place and ensuring that the provided security services are managed on an ongoing, real-time basis.

One solution for entrepreneurs is information published by Co-Logic Security Ltd., a small IT security company in New Zealand that has created a huge database on IT security vulnerabilities and exploits that's available free of charge. The site targets IT professionals who lack the necessary knowledge, time or resources. The database contains information on almost every product (software, hardware, network, security products and so on), as well as outstanding vulnerabilities, any fixes the suppliers have provided, very extensive topics folders on anything to do with IT security and more.

The information is organized according to routers and networks, firewalls, operating systems, databases, applications and so on. Any organization can access it to read up on the possible vulnerabilities in the products they've installed as part of their IT infrastructure.

The site keeps track of new viruses and worms that are announced by the major software suppliers. It actually allows a search on the subject line, or length of a newly received e-mail attachment, suspected to be a possible virus, even when the e-mail seems to come from a "trusted friend."

Those who will benefit most from this site are businesses that have Microsoft products installed; that use mainstream Unix, Linux or Windows operating systems; that have Web sites; that run accounting and management software; and that send out newsletters to their customers.

For large and midsized businesses, managed services by a third party information security firm is usually the answer. Some companies spend an inordinate amount of time just assessing their vulnerabilities. An audit by a third party firm can cut this time drastically and move closer to the implementation of real solutions. Post-audit managed services can then keep up with all the viruses and attackers that are changing on a daily basis. Even some large IT firms outsource the security portion of their business. If you treat it like an insurance policy, your business will be more secure.