Monday 14 November 2011

Security Policies

Security Software Basics

Create security policies to match the size and culture of your business. Policies must be written, enforced, and continually updated. Maintain configuration management through Security Policy implementation and systems hardening.

Inventory:
As a business owner it is important to establish a "computer software and hardware asset" inventory list and create a lifecycle plan for each piece of hardware and software. Classify data by its usage and sensitivity. Applications critical to infrastructure and essential data should be recognized.

Ownership:
Establish owners of all data assets. Identify the data covered by specific regulations and requirements. Many State and Federal laws provide specific guidelines related to managing data that contains personal information and credit card details.

Budget:
Prepare a comprehensive budget and ensure that security is a specific budget line item. Anticipate necessary software and hardware upgrades that are required to keep systems operational and protected. Budgeting preventative maintenance will result in less downtime and also save money.

Update:
Maintain patch management on all systems. Follow a regular schedule for applying patches to operating systems, software, and anti-virus updates. Regularly download recommended security updates and patches for operating systems and other software critical to operations.

Testing:
Maintain operational management through the reviewing of all log files, ensuring system backups with periodic data restores, and report any known issues or risks. Perform security testing through annual security audits and penetration scanning. Ensure physical security of systems and facilities.

Backups:
Perform scheduled backups of main systems and local drives on a regular basis. Monitor log systems to ensure that backups were completed, and test tapes to make sure that backup systems are functioning properly. Data recovery is expensive and not always effective, a good backup system will result in averted catastrophes.

Limit:
Limit access to key personnel. Both data and application access can be sensitive. Employees should only have access to files which are necessary for them to perform their duties.

Stay Alert:
Monitor news for specific security alerts that relate to critical software used within your organization. Many software companies provide alerts via RSS feeds or email lists. Search Security Protection http://www.security-protection.net for feeds related to specific security concerns.

A proactive systems management and security plan will often result in increased productivity and less downtime.

About the Author:
Francesca Black develops educational material for http://www.security-port.com and http://www.security-protection.net a top resource for locating security related RSS feeds.


View the original article here

No comments:

Post a Comment