Does this look simple to you?
I think it’s time to get back to security basics after reading the news this morning.
Yesterday, there was a run of high profile data security events: the Mozilla store data breach, the DDOS attack on Twitter and Web defacing by a Palestinian cyber-terror group on leftist Israeli Kadima party (second time in the past 18 month – this seems like biting the hand that feeds you, considering the Kadima record in attempting to attain peace with appeasement and corruption).
So – let’s get back to basics.
Here is a security policy with 6 basic security countermeasures for effective enterprise information protection and data loss prevention.
- Change default passwords that come with applications. Change those admin/admin username/passwords and change default Oracle passwords.
- Forbid shared username/passwords for systems with sensitive data
- Review user account privileges once / quarter. You may be surprised that a one-time privilege granted to a user is still there. In a large company – this should be done by a supervisor. Doing this will raise awareness and place more responsibility on employees and line managers.
- Identify critical systems and perform a software security assessment. In our data security practice in Israel and Central Europe, we have discovered that over 50 percent of data breaches were related to software bugs. Use the 7 step Business Threat Modeling methodology to do the software security assessment
- Patch to operating system vendor requirements. In Windows, Ubuntu and Red Hat Linux it’s automated and work that can be scheduled.
- Monitor for data security events on the network using the Fidelis Security XPS system (which can monitor and prevent data loss events bi-directionally inside the network or at the perimeter) or with Verdasys Digital Guardian agents at the point of use.
Free online workshops in information securityJoin us for an exciting series of 6 free online workshops on data security best practices at work, at home and for SMEs – Register for the workshops now! Preventing intellectual property abuseProtecting information at pharmaceutical firms Professional servicesData loss prevention solutions information assuranceYour employees send confidential documents to Gmail, but how do you quantify and mitigate the risk? Free download Business threat modeling Business management Preparing for a disaster Security managementIf you know what your assets are worth, it’s easy to ask for, and get a discount Software development risk 10 Top Mistakes of Embedded Linux Users Risk assessmentIT Risk Assessment is dead Join the Software Associates network today
|
What is the right way to protect intellectual property from theft and abuse? Start by testing two hypotheses – 1) that information leakage is currently happening and 2) that a cost-effective risk mitigation plan can be defined and implemented.
The Great Financial Crisis is a new spin for security vendor PR people, but in our experience most firms don’t know what data is leaving the company. Your first step to being more robust to an unexpected, high-impact data breach is
