Best Practices - 3

Vulnerability assessment
  • Identify the assets and processes at risk
  • Focus on business risk, not technology
  • Look beyond IT turf: Consider security impact of facility and human resources policies
  • Use available automated tools for technical vulnerability scans
  • Anticipate legal obligations to ward off intruders and prevent involvement in distributed attacks
  • Consider nonelectronic information: Shred sensitive input and output forms; evaluate nonmagnetic backups (for example, microfiche)
  • Measure what really matters: lost time, not success rate in blocking attacks