Does this look simple to you?
I think it’s time to get back to security basics after reading the news this morning.
Yesterday, there was a run of high profile data security events: the Mozilla store data breach, the DDOS attack on Twitter and Web defacing by a Palestinian cyber-terror group on leftist Israeli Kadima party (second time in the past 18 month – this seems like biting the hand that feeds you, considering the Kadima record in attempting to attain peace with appeasement and corruption).
So – let’s get back to basics.
Here is a security policy with 6 basic security countermeasures for effective enterprise information protection and data loss prevention.
- Change default passwords that come with applications. Change those admin/admin username/passwords and change default Oracle passwords.
- Forbid shared username/passwords for systems with sensitive data
- Review user account privileges once / quarter. You may be surprised that a one-time privilege granted to a user is still there. In a large company – this should be done by a supervisor. Doing this will raise awareness and place more responsibility on employees and line managers.
- Identify critical systems and perform a software security assessment. In our data security practice in Israel and Central Europe, we have discovered that over 50 percent of data breaches were related to software bugs. Use the 7 step Business Threat Modeling methodology to do the software security assessment
- Patch to operating system vendor requirements. In Windows, Ubuntu and Red Hat Linux it’s automated and work that can be scheduled.
- Monitor for data security events on the network using the Fidelis Security XPS system (which can monitor and prevent data loss events bi-directionally inside the network or at the perimeter) or with Verdasys Digital Guardian agents at the point of use.