Practical information policy

Websense essential information protection

Does this look simple to you?

I think it’s time to get back to security basics after reading the news this morning.

Yesterday, there was a  run of high profile data security events: the  Mozilla store data breach, the  DDOS attack on Twitter and Web defacing  by a Palestinian cyber-terror group on leftist Israeli Kadima party (second time in the past 18 month – this seems like biting the hand that feeds you, considering the Kadima record in attempting to attain peace with appeasement and corruption).

So – let’s get back to basics.

Here is a security policy with  6 basic security countermeasures for effective enterprise information protection and data loss prevention.

  1. Change default passwords that come with applications. Change those admin/admin username/passwords and change default Oracle passwords.
  2. Forbid shared username/passwords for systems with sensitive data
  3. Review user account privileges once / quarter.  You may be surprised that a one-time privilege granted to a user is still there. In a large company – this should be done by a supervisor. Doing this will raise awareness and place more responsibility on employees and line managers.
  4. Identify critical systems and perform a software security assessment.  In our data security practice in Israel and Central Europe, we have discovered that over 50 percent of data breaches were related to software bugs.  Use the 7 step Business Threat Modeling methodology to do the software security assessment
  5. Patch to operating system vendor requirements. In Windows, Ubuntu and Red Hat Linux it’s automated and work that can be scheduled.
  6. Monitor for data security events on the network using the Fidelis Security XPS system (which can monitor and prevent data loss events bi-directionally inside the network or at the perimeter) or with Verdasys Digital Guardian agents at the point of use.
Data loss prevention specialists for technology and telecommunications, mitigating threats from trusted insiders, criminals and business partners

Free online workshops in information security

Join us for an exciting series of 6 free online workshops on data security best practices at work, at home and for SMEs – Register for the workshops now!

Preventing intellectual property abuse

Protecting information at pharmaceutical firms
What is the right way to protect intellectual property from theft and abuse? Start by testing two hypotheses – 1) that information leakage is currently happening and 2) that a cost-effective risk mitigation plan can be defined and implemented.
Read more Preventing intellectual property abuse

Professional services

Data loss prevention solutions
For creative, effective and out-of-the-box data security solutions contact us. Ten reasons you should work with us
What risks really count for your business?
Use the 7 step Business Threat Modeling methodology to diagnose and quantify threats to customer data, strategic plans, marketing and pricing data. Business threat modeling

information assurance

Your employees send confidential documents to Gmail, but how do you quantify and mitigate the risk?
The Great Financial Crisis is a new spin for security vendor PR people, but in our experience most firms don’t know what data is leaving the company. Your first step to being more robust to an unexpected, high-impact data breach isdata discovery and business threat modeling.
Contact us today and learn more.

Free download Business threat modeling

Business management

Preparing for a disaster
Be prepared with a good disaster recovery plan. The DRP is designed to assist companies in responding quickly and effectively to a natural disaster or terror event and restore business as quickly as possible.
Read more Preparing a disaster recovery plan.

Security management

If you know what your assets are worth, it’s easy to ask for, and get a discount
Data security is often brushed aside due to budget limitations disregarding the value of company data assets. Take a clear position on which data assets are important and how much they’re worth to the company
Read more Ten steps to protecting customer data and intellectual property.

Software development risk

10 Top Mistakes of Embedded Linux Users
Picking a large foreign company for support is not the best way to go for various reasons and for smaller embedded systems, Intel isn’t necessarily the best choice.
Read more The 10 Top Mistakes of Embedded Linux Users make.

Risk assessment

IT Risk Assessment is dead
Does your IT security look like TIA – a lot of senseless shooting? Risk assessment, as currently practiced in IT security, is dead, but if we take a brick and mortar approach – we can improve security at reduced costs.
Read more The death of risk assessment.

Join the Software Associates network today

Danny Lieberman : :Danny Lieberman on Twitter

Related Posts Plugin for WordPress, Blogger...
Tell your friends and colleagues about us. Thanks!
Share this

Leave a Reply

Your email address will not be published. Required fields are marked *