Thursday, 16 November 2006

Common Security Mistakes

I received an email asking me to name common enterprise security mistakes and how to avoid them. If I'm going to provide free advice via email, I'd rather just post my thoughts here. This is my answer:

  1. Failure to maintain a complete physical asset inventory

  2. Failure to maintain a complete logical connectivity and data flow diagram

  3. Failure to maintain a complete digital asset/intellectual property inventory

  4. Failure to maintain digital situational awareness

  5. Failure to prepare for incidents

The first three items revolve around knowing your environment. If you don't know what houses your data (item 1), how that data is transported (item 2), and what data you are trying to protect (item 3), you have little chance of success.

Once you know your environment, you should learn who is trying to exploit your vulnerabilities to steal, corrupt, or deny access to your data (item 4). Security incidents will occur, so you should have policies, tools, techniques, and trained and exercised personnel ready to respond (item 5).
