Security Best Practices
• Evaluate Risks: Assess internal and external business and security environments.
Analyze all the available historical data to look for patterns and identify
vulnerabilities. What are the special features of your business? What is your
network architecture like? Is your current network security infrastructure
adequate? How critical is the role played by the network in your business?
• Come up with a Security Policy: Based on risk evaluation, design and implement a security
policy, and link that policy to business risks. Involve business managers in
risk assessment: Involving business managers in identifying potential threats,
vulnerabilities and consequent impact on business operations could help them
better understand the imperatives of network security.
• Establish a Central Management Focal Point: Designate a central group to carry out the
key activities. Provide the central group with ready and independent access to
senior management. Designate dedicated funding and staff. Enhance staff
professionalism and technical skills.
• Promote Awareness: Continually educate users and others on risks and other related
policies. Use attention-gaining and user-friendly techniques.
• Monitor and Evaluate Policy and Control Effectiveness: Monitor factors that affect risk
and indicate security effectiveness. Use results to direct future efforts and
hold managers accountable. Stay alert to new monitoring tools and techniques.
• Distinguish between Policy and Guidelines: While the security policy should set out the
fundamental outline that senior management considers imperative, guidelines
should provide more detailed rules for implementing broader policies. Guidelines
can also be designed as an educational tool that can help network users
understand and follow the desired security practices.
• Incident-handling Mechanism for Security Breaches: A security systems investigation procedure
that addresses evidence preservation and forensic examination must be formulated,
with a trained response team in place, to tackle emergencies.
• Third-party Assessment: External third-party audits should be carried out regularly to
get an independent assessment of network security effectiveness.
• Look for These in an All-in-one Box: If you are looking for a complete security appliance, then it
must have at least firewall, anti-virus, IDS and content-inspection functions.
However, check whether too many features in one box are affecting its ability to
perform. In many cases, that is likely. So avoid asking for everything in one
box if your security requirements are complex.
• See that the Box Goes with the Security Policy: This is the first important factor that
any enterprise should look for before buying any security appliance. One should
not buy a box just because it can perform umpteen security functions. Check if
the box is capable of meeting the stated objectives of the security
policy. Also, a security appliance is deployed in an extremely dynamic environment
and requires constant evaluation to manage the threats posed. So check the box
for scalability.
• Have a Patch Management System in Place: Such a system is needed to protect networks from
virus and worm attacks. Many attacks in the past have happened because an enterprise
didn’t apply a patch update in time.
• Step-by-step Buying: Organizations can have a diverse range of security needs ranging
from anti-virus protection to malicious content inspection and hacker attacks.
However, an organization may not need all the security features at one go.
Depending on the context, buy only what you need today, but keep the option of
upgrading always open.
Amit Kumar, national marketing manager, Tata Telecom
Naresh Wadhwa, vice-president, Cisco Systems India & SAARC
Paul Serrano, senior director of marketing, Asia-Pacific, NetScreen Technologies
Swapan Johri, director (managed security services), HCL Comnet
Vaidyanathan Iyer, national manager (eSecurity Business), Computer Associates
Lt. Col. H S Bedi, managing director, Tulip IT Services