findprotected.com FindProtected forum
Robert Martis
Joined: 14 May 2005
Posts: 22
Posted: Mon May 30, 2005 4:49 pm Post subject: Put policies before products in IT security battle
There is still room for improvement when it comes to IT security staff training. Education of information security staff is paramount in improving security management.
Education has to be directed to IT security staff so they can more effectively manage the technology already in place. The view within enterprises is that more dollars will solve security problems, but it is really about implementing and maintaining the right policies.
Putting the value of products before people and procedure had created a dangerous environment. Policies need to be embraced as one of the four 'P's' - people, policy, process and last of all products.
IT education is about ensuring a security policy is delivered and clearly understood, rather than tutoring people on how to use their computer.
For example, a company needs a unified policy regarding sensitive information and protected files. People within an organization have to realize that this type of data should exist in a single copy, and it cannot be transferred from the corporate network through unauthorized access.
For details, see Put policies before products in IT security battle
Robert Martis
Joined: 14 May 2005
Posts: 22
Posted: Mon Jun 13, 2005 3:47 pm Post subject: Holistic approach to data security
Combating the crooks requires a holistic approach to data security
There are still social expectations about security that can't be met. But the practices are still so shoddy.
The new consistent approach to information security includes creating more secure online access methods, better customer authentication, hiring dedicated data security staff and improving the way large amounts of data are stored or moved.
There are some people who dismiss security issues as a sky-is-falling problem. But in fact, the sky has fallen, and it's just a matter of when a piece hits you in the head. In the new circumstances, there's going to have to be a shift in corporate thinking in managing new business risks. The public just won't stand for it.
Of course, most of these things have cost impacts. Businesses have to pony up the capital to change the way they are storing and holding data.
See the full story at Client-data losses piling up
Robert Martis
Joined: 14 May 2005
Posts: 22
Posted: Sat Jul 09, 2005 5:46 pm Post subject:
Take More Control
We know what we need to do to secure our information systems, but we just don’t do it.
We know how to prevent most attacks from being successful. But instead of systematically hardening the operating system; instead of physically securing systems; instead of instilling a culture of security that includes everyone in the business of security; instead of doing these things, we run around patching systems and screaming about the latest vulnerability that evil Microsoft has blessed us with.
Take control of overall information security – computers are one small part of that. You need a comprehensive plan that secures information wherever it resides—on the mainframe, on the Linux Web server, in the Active Directory, on a PDA, in or available through smart phones and in the hearts and minds of employees, contractors, partners and customers of your organization.
How do you enhance information security? Write the policy. Engage management in the discussion. Dig out the reference works that tell you how to secure whatever it is you have to secure and get busy.
Here are five things you can do right now that will increase security on your networks:
1. Create a Stronger Password Policy
2. Lock Down Remote Administration
3. Lock Down Administrative Workstations
4. Physically Secure All Systems
See the full story at Take Control of Your Network