11 Steps for Successful IT Security
Dec 1, 2002 12:00 PM
Computer and Internet Security ranked No. 4, right behind terrorism, in Pinkerton's annual Top Security Threats Survey of Fortune 1000 Businesses. Bruce Smith, Pinkerton's director of computer forensics, believes organizations should have already done a bottom-up review of their operations.
Some organizations, however, are just starting to look at their IT departments and make sure they are hiring the right people and have the right procedures and plans in place.
Pinkerton IT experts have come up with the following list of “11 Steps for Successful IT Security,” a checklist for high-level executives and their IT staff.
1. Install a firewall. This can be hardware or software that sits between your network and the outside world. It controls who gets through to the network and can prevent unauthorized users from accessing proprietary resources.
2. Apply the latest patches to your software. Software is being written and modified every day; keep up with the latest updates. Make sure you are applying patches not only to your operating system, but also to application software, such as office suite software and e-mail programs.
3. Encrypt internal network traffic. Encrypt important and confidential e-mails so outsiders are unable to read them.
4. Change passwords frequently. This makes it harder for an outsider to get into an internal site because by the time they crack the password, it might have already been changed. Discourage the use of common phrases for passwords; recommend using a random alphanumeric combination.
5. Hire enough quality professionals. IT specialists should have a solid understanding of networking areas of vulnerability, intrusion detection, etc., and should be familiar with the type of system the company uses. You also want to make sure you have enough quality people to support your system. Cutting corners and having an inadequately staffed IT department leave companies vulnerable.
6. Install intrusion detection software and monitor it regularly. Even with firewalls, unauthorized users may gain access to the system. Intrusion detection software is the next line of defense.
7. Establish a corporate-wide user policy and enforce it. In spite of extensive media coverage about hackers and viruses, internal security incidents continue to be a major problem. Educate employees on the appropriate use of e-mails; how to guard intellectual property and proprietary information; and how to avoid exposing the network to potential viruses.
8. Establish a regular schedule to back up your data and adhere to it. Periodically test the backup results to ensure the backup is valid and usable.
9. Establish an incident response plan. Make sure you have a plan in case of an emergency. Test it regularly and refine it as necessary.
10. Hire another set of eyes. Hire a professional third party to test your IT system and look for vulnerabilities or holes.
11. Invest in comprehensive cyber insurance. Insurance policies can protect against a number of things, including: virus and hacker attacks, fraudulent/malicious acts of employees, loss of computer systems, extortion against information systems, loss of intellectual property, business interruption, and more.