Best Practices

  • Use a risk assessment process to identify where security efforts should be focused
  • Harden systems by installing updates, removing every component not needed in normal operation, changing system defaults (especially passwords and file permissions), installing security software, and performing penetration tests
  • Use interlocking security systems to protect key resources
  • Externally accessible Web applications are frequent entry points for crackers; carefully audit this code for security holes
  • Have a working backup strategy as a final fallback
  • Educate IT and end-user staff about safe computing and physical security guidelines