Five Steps to a Solid Security Foundation

By Joshua Weinberger  |  Posted 2004-03-15

Managing enterprise security is one of the most complex and time-consuming jobs imaginable. However, applying the simplest and most basic security measures will protect companies from close to 90 percent of the threats they might face. Here are the five basic steps recommended by eWEEK Labs.

Step 1: Assessment

Security risks in enterprise IT systems have many technical elements, but the magnitude of risk is largely determined by nontechnical factors, including business relationships and IT users' attitudes. Vulnerability assessment demands a multidisciplinary approach, especially because risk analysis shapes every subsequent aspect of an IT security process.

Unlike other assets, information can be stolen without being lost. It's not enough, therefore, to ensure that data remains available to those who are authorized to use it. Data access also must be denied to everyone else, not just in the course of transactions but also during archive storage and even after disposal.

Every aspect of software availability must be scrutinized and addressed. Specific risk assessment steps include the identification of all software and hardware elements (perhaps including license files or authentication tokens) that need to be present for a particular application to be usable, followed by preparation of contingency plans for any disruption of those resources.

Managers also should discuss with risk-management professionals the extent of an organization's network interactions with suppliers and customers, and should participate in drafting appropriate agreements that limit liability for consequential damage not directly caused by the organization's own actions.

Security plans should also work hand-in-hand with regulatory-compliance mandates such as the Health Insurance Portability and Accountability Act and Sarbanes-Oxley. Many security applications and monitoring systems can serve double-duty in enforcing and monitoring regulatory compliance.

Assistant Editor
joshua_weinberger@ziffdavisenterprise.com
After being on staff at The New Yorker for five years, Josh later traveled the world, hitting all seven continents in a single year. At Yale University, he majored in American Studies, English, and Theatre Studies.