|
|
Ensuring
Network Security
The Internet Security Alliance (ISAlliance)
was created in April 2001 to help accelerate the corporate response to
increasing Internet threats and security breaches on the Internet. The
organization provides the following key recommendations to IT executive
and operational management. A collaborative effort among CERT, Carnegie-
Mellon’s Software Engineering Institute, the Electronic Industries
Alliance, and numerous corporations, the Alliance also emphasizes that
potentially vulnerable organizations “must learn that security is not
a one-time activity, but rather a continuous process.”
KEY RECOMMENDATIONS
The ISAlliance surveyed organizations in a variety of
sectors to develop a list of “best practices” in promoting effective
data and network security and thereby reduce or minimize the risk of
attacks.
In summary, its key recommendations are:
-
Require all managers within an organization to
accept information security as a key job responsibility for
themselves and their employees.
-
Develop, deploy, review, and enforce security
objectives that promote key business objectives.
-
Periodically conduct information security risk
evaluations to identify critical data and network assets that may be
vulnerable to attack.
-
Develop and maintain an enterprise- wide security
architecture.
-
Establish accountability for user actions, train for
accountability, and enforce it.
-
Establish a range of specific security controls to
protect network data and other assets, and regularly verify the
integrity of installed software. Simultaneously, maintain a regular
backup schedule for these assets.
-
Develop and enforce rigorous mechanisms for user
authentication and authorization.
-
Carefully monitor network activity and assign
responsibility for reporting, evaluating, responding to network
events.
-
Control physical information assets and
resources.
-
Develop and test continuity and disaster recovery
for critical assets.
The complete report is available at www.
isalliance.org/news/requestform.cfm.
While these recommendations are only an initial step,
they are an important one for any organization who depends on the
Internet. When adopted,” the ISAlliance believes, these “best
practices" can promote a security regime that will “ensure the
survivability and security of critical information assets."
Bay Area Internet Solutions (BAIS) can help you develop
best practices for securing your Internet access and related services
from the ever increasing risks and threats prevalent today. From
firewall and virus protection solutions to security consulting and
assessments, we can help you get a head of the game. For
more information or to request a network security assessment, please email a BAIS sales executive today.
|
|
|
